CVE-2022-48817

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue is related to the incorrect handling of resource identifiers in the Linux kernel's net component, specifically in the DSA (Distributed Switch Architecture) driver for the ar9331 device. The mdiobus free() function will panic when called from devm mdiobus free() due to the mdiobus not being previously unregistered. This issue applies when the DSA master is on a bus that calls ->remove from ->shutdown, such as the dpaa2-eth device on the fsl-mc bus. The same treatment must be applied to all DSA switch drivers, which is to either use devres for both the mdiobus allocation and registration or not use devres at all.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.