{"id":"CVE-2022-48813","summary":"net: dsa: felix: don't use devres for mdiobus","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: felix: don't use devres for mdiobus\n\nAs explained in commits:\n74b6d7d13307 (\"net: dsa: realtek: register the MDIO bus under devres\")\n5135e96a3dd2 (\"net: dsa: don't allocate the slave_mii_bus using devres\")\n\nmdiobus_free() will panic when called from devm_mdiobus_free() \u003c-\ndevres_release_all() \u003c- __device_release_driver(), and that mdiobus was\nnot previously unregistered.\n\nThe Felix VSC9959 switch is a PCI device, so the initial set of\nconstraints that I thought would cause this (I2C or SPI buses which call\n-\u003eremove on -\u003eshutdown) do not apply. But there is one more which\napplies here.\n\nIf the DSA master itself is on a bus that calls -\u003eremove from -\u003eshutdown\n(like dpaa2-eth, which is on the fsl-mc bus), there is a device link\nbetween the switch and the DSA master, and device_links_unbind_consumers()\nwill unbind the felix switch driver on shutdown.\n\nSo the same treatment must be applied to all DSA switch drivers, which\nis: either use devres for both the mdiobus allocation and registration,\nor don't use devres at all.\n\nThe felix driver has the code structure in place for orderly mdiobus\nremoval, so just replace devm_mdiobus_alloc_size() with the non-devres\nvariant, and add manual free where necessary, to ensure that we don't\nlet devres free a still-registered bus.","modified":"2026-04-02T08:27:02.118388Z","published":"2024-07-16T11:44:02.578Z","related":["SUSE-SU-2024:2894-1","SUSE-SU-2024:2902-1","SUSE-SU-2024:2929-1","SUSE-SU-2024:2939-1","SUSE-SU-2024:2947-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/48xxx/CVE-2022-48813.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/209bdb7ec6a28c7cdf580a0a98afbc9fc3b98932"},{"type":"WEB","url":"https://git.kernel.org/stable/c/8cda7577a0b4018572f31e0caadfabd305ea2786"},{"type":"WEB","url":"https://git.kernel.org/stable/c/95e5402f9430b3c7d885dd3ec4c8c02c17936923"},{"type":"WEB","url":"https://git.kernel.org/stable/c/9db6f056efd089e80d81c774c01b639adf30c097"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/48xxx/CVE-2022-48813.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-48813"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"ac3a68d56651c3dad2c12c7afce065fe15267f44"},{"fixed":"95e5402f9430b3c7d885dd3ec4c8c02c17936923"},{"fixed":"8cda7577a0b4018572f31e0caadfabd305ea2786"},{"fixed":"9db6f056efd089e80d81c774c01b639adf30c097"},{"fixed":"209bdb7ec6a28c7cdf580a0a98afbc9fc3b98932"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-48813.json"}}],"schema_version":"1.7.5"}