{"id":"CVE-2022-48812","summary":"net: dsa: lantiq_gswip: don't use devres for mdiobus","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: lantiq_gswip: don't use devres for mdiobus\n\nAs explained in commits:\n74b6d7d13307 (\"net: dsa: realtek: register the MDIO bus under devres\")\n5135e96a3dd2 (\"net: dsa: don't allocate the slave_mii_bus using devres\")\n\nmdiobus_free() will panic when called from devm_mdiobus_free() \u003c-\ndevres_release_all() \u003c- __device_release_driver(), and that mdiobus was\nnot previously unregistered.\n\nThe GSWIP switch is a platform device, so the initial set of constraints\nthat I thought would cause this (I2C or SPI buses which call -\u003eremove on\n-\u003eshutdown) do not apply. But there is one more which applies here.\n\nIf the DSA master itself is on a bus that calls -\u003eremove from -\u003eshutdown\n(like dpaa2-eth, which is on the fsl-mc bus), there is a device link\nbetween the switch and the DSA master, and device_links_unbind_consumers()\nwill unbind the GSWIP switch driver on shutdown.\n\nSo the same treatment must be applied to all DSA switch drivers, which\nis: either use devres for both the mdiobus allocation and registration,\nor don't use devres at all.\n\nThe gswip driver has the code structure in place for orderly mdiobus\nremoval, so just replace devm_mdiobus_alloc() with the non-devres\nvariant, and add manual free where necessary, to ensure that we don't\nlet devres free a still-registered bus.","modified":"2026-04-02T08:27:01.995799Z","published":"2024-07-16T11:44:01.907Z","related":["SUSE-SU-2024:2894-1","SUSE-SU-2024:2902-1","SUSE-SU-2024:2929-1","SUSE-SU-2024:2939-1","SUSE-SU-2024:2947-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/48xxx/CVE-2022-48812.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/0d120dfb5d67edc5bcd1804e167dba2b30809afd"},{"type":"WEB","url":"https://git.kernel.org/stable/c/2443ba2fe396bdde187a2fdfa6a57375643ae93c"},{"type":"WEB","url":"https://git.kernel.org/stable/c/b5652bc50dde7b84e93dfb25479b64b817e377c1"},{"type":"WEB","url":"https://git.kernel.org/stable/c/e177d2e85ebcd3008c4b2abc293f4118e04eedef"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/48xxx/CVE-2022-48812.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-48812"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"ac3a68d56651c3dad2c12c7afce065fe15267f44"},{"fixed":"e177d2e85ebcd3008c4b2abc293f4118e04eedef"},{"fixed":"b5652bc50dde7b84e93dfb25479b64b817e377c1"},{"fixed":"2443ba2fe396bdde187a2fdfa6a57375643ae93c"},{"fixed":"0d120dfb5d67edc5bcd1804e167dba2b30809afd"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-48812.json"}}],"schema_version":"1.7.5"}