{"id":"CVE-2022-48814","summary":"net: dsa: seville: register the mdiobus under devres","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: seville: register the mdiobus under devres\n\nAs explained in commits:\n74b6d7d13307 (\"net: dsa: realtek: register the MDIO bus under devres\")\n5135e96a3dd2 (\"net: dsa: don't allocate the slave_mii_bus using devres\")\n\nmdiobus_free() will panic when called from devm_mdiobus_free() \u003c-\ndevres_release_all() \u003c- __device_release_driver(), and that mdiobus was\nnot previously unregistered.\n\nThe Seville VSC9959 switch is a platform device, so the initial set of\nconstraints that I thought would cause this (I2C or SPI buses which call\n-\u003eremove on -\u003eshutdown) do not apply. But there is one more which\napplies here.\n\nIf the DSA master itself is on a bus that calls -\u003eremove from -\u003eshutdown\n(like dpaa2-eth, which is on the fsl-mc bus), there is a device link\nbetween the switch and the DSA master, and device_links_unbind_consumers()\nwill unbind the seville switch driver on shutdown.\n\nSo the same treatment must be applied to all DSA switch drivers, which\nis: either use devres for both the mdiobus allocation and registration,\nor don't use devres at all.\n\nThe seville driver has a code structure that could accommodate both the\nmdiobus_unregister and mdiobus_free calls, but it has an external\ndependency upon mscc_miim_setup() from mdio-mscc-miim.c, which calls\ndevm_mdiobus_alloc_size() on its behalf. So rather than restructuring\nthat, and exporting yet one more symbol mscc_miim_teardown(), let's work\nwith devres and replace of_mdiobus_register with the devres variant.\nWhen we use all-devres, we can ensure that devres doesn't free a\nstill-registered bus (it either runs both callbacks, or none).","modified":"2026-04-02T08:27:02.358147Z","published":"2024-07-16T11:44:03.261Z","related":["SUSE-SU-2024:2894-1","SUSE-SU-2024:2902-1","SUSE-SU-2024:2929-1","SUSE-SU-2024:2939-1","SUSE-SU-2024:2947-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/48xxx/CVE-2022-48814.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/0e816362d823cd46c666e64d8bffe329ee22f4cc"},{"type":"WEB","url":"https://git.kernel.org/stable/c/1d13e7221035947c62800c9d3d99b4ed570e27e7"},{"type":"WEB","url":"https://git.kernel.org/stable/c/bd488afc3b39e045ba71aab472233f2a78726e7b"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/48xxx/CVE-2022-48814.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-48814"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"ac3a68d56651c3dad2c12c7afce065fe15267f44"},{"fixed":"1d13e7221035947c62800c9d3d99b4ed570e27e7"},{"fixed":"0e816362d823cd46c666e64d8bffe329ee22f4cc"},{"fixed":"bd488afc3b39e045ba71aab472233f2a78726e7b"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-48814.json"}}],"schema_version":"1.7.5"}