{"id":"CVE-2022-48815","summary":"net: dsa: bcm_sf2: don't use devres for mdiobus","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: bcm_sf2: don't use devres for mdiobus\n\nAs explained in commits:\n74b6d7d13307 (\"net: dsa: realtek: register the MDIO bus under devres\")\n5135e96a3dd2 (\"net: dsa: don't allocate the slave_mii_bus using devres\")\n\nmdiobus_free() will panic when called from devm_mdiobus_free() \u003c-\ndevres_release_all() \u003c- __device_release_driver(), and that mdiobus was\nnot previously unregistered.\n\nThe Starfighter 2 is a platform device, so the initial set of\nconstraints that I thought would cause this (I2C or SPI buses which call\n-\u003eremove on -\u003eshutdown) do not apply. But there is one more which\napplies here.\n\nIf the DSA master itself is on a bus that calls -\u003eremove from -\u003eshutdown\n(like dpaa2-eth, which is on the fsl-mc bus), there is a device link\nbetween the switch and the DSA master, and device_links_unbind_consumers()\nwill unbind the bcm_sf2 switch driver on shutdown.\n\nSo the same treatment must be applied to all DSA switch drivers, which\nis: either use devres for both the mdiobus allocation and registration,\nor don't use devres at all.\n\nThe bcm_sf2 driver has the code structure in place for orderly mdiobus\nremoval, so just replace devm_mdiobus_alloc() with the non-devres\nvariant, and add manual free where necessary, to ensure that we don't\nlet devres free a still-registered bus.","modified":"2026-05-15T11:53:14.830312682Z","published":"2024-07-16T11:44:03.971Z","related":["SUSE-SU-2024:2894-1","SUSE-SU-2024:2902-1","SUSE-SU-2024:2929-1","SUSE-SU-2024:2939-1","SUSE-SU-2024:2947-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/48xxx/CVE-2022-48815.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/08e1a3554e99a1a5bd2835907381e2383ee85cae"},{"type":"WEB","url":"https://git.kernel.org/stable/c/08f1a20822349004bb9cc1b153ecb516e9f2889d"},{"type":"WEB","url":"https://git.kernel.org/stable/c/2770b795294ed312375c11ef1d0b810499c66b83"},{"type":"WEB","url":"https://git.kernel.org/stable/c/caabb5f64f5c32fceed93356bb688ef1ec6c5783"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/48xxx/CVE-2022-48815.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-48815"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"5.9.0"},{"fixed":"5.10.101"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.11.0"},{"fixed":"5.15.24"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.16.0"},{"fixed":"5.16.10"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-48815.json"}}],"schema_version":"1.7.5"}