{"id":"CVE-2022-48817","summary":"net: dsa: ar9331: register the mdiobus under devres","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: ar9331: register the mdiobus under devres\n\nAs explained in commits:\n74b6d7d13307 (\"net: dsa: realtek: register the MDIO bus under devres\")\n5135e96a3dd2 (\"net: dsa: don't allocate the slave_mii_bus using devres\")\n\nmdiobus_free() will panic when called from devm_mdiobus_free() \u003c-\ndevres_release_all() \u003c- __device_release_driver(), and that mdiobus was\nnot previously unregistered.\n\nThe ar9331 is an MDIO device, so the initial set of constraints that I\nthought would cause this (I2C or SPI buses which call -\u003eremove on\n-\u003eshutdown) do not apply. But there is one more which applies here.\n\nIf the DSA master itself is on a bus that calls -\u003eremove from -\u003eshutdown\n(like dpaa2-eth, which is on the fsl-mc bus), there is a device link\nbetween the switch and the DSA master, and device_links_unbind_consumers()\nwill unbind the ar9331 switch driver on shutdown.\n\nSo the same treatment must be applied to all DSA switch drivers, which\nis: either use devres for both the mdiobus allocation and registration,\nor don't use devres at all.\n\nThe ar9331 driver doesn't have a complex code structure for mdiobus\nremoval, so just replace of_mdiobus_register with the devres variant in\norder to be all-devres and ensure that we don't free a still-registered\nbus.","modified":"2026-04-02T08:27:02.738275Z","published":"2024-07-16T11:44:05.291Z","related":["SUSE-SU-2024:2894-1","SUSE-SU-2024:2902-1","SUSE-SU-2024:2929-1","SUSE-SU-2024:2939-1","SUSE-SU-2024:2947-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/48xxx/CVE-2022-48817.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/475ce5dcf2d88fd4f3c213a0ac944e3e40702970"},{"type":"WEB","url":"https://git.kernel.org/stable/c/50facd86e9fbc4b93fe02e5fe05776047f45dbfb"},{"type":"WEB","url":"https://git.kernel.org/stable/c/aae1c6a1d3d696fc33b609fb12fe744a556d1dc5"},{"type":"WEB","url":"https://git.kernel.org/stable/c/f1842a8cb71de4d7eb75a86f76e88c7ee739218c"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/48xxx/CVE-2022-48817.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-48817"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"ac3a68d56651c3dad2c12c7afce065fe15267f44"},{"fixed":"475ce5dcf2d88fd4f3c213a0ac944e3e40702970"},{"fixed":"aae1c6a1d3d696fc33b609fb12fe744a556d1dc5"},{"fixed":"f1842a8cb71de4d7eb75a86f76e88c7ee739218c"},{"fixed":"50facd86e9fbc4b93fe02e5fe05776047f45dbfb"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-48817.json"}}],"schema_version":"1.7.5"}