CVE-2022-48754

Summary

In the Linux kernel, the following vulnerability has been resolved:

phylib: fix potential use-after-free

Commit bafbdd527d56 ("phylib: Add device reset GPIO support") added call to phy_device_reset(phydev) after the put_device() call in phy_detach().

The comment before the put_device() call says that the phydev might go away with put_device().

Fix potential use-after-free by calling phy_device_reset() before put_device().

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxbafbdd527d569c8200521f2f7579f65a044271be < 67d271760b037ce0806d687ee6057edc8afd4205affected
LinuxLinuxbafbdd527d569c8200521f2f7579f65a044271be < f39027cbada43b33566c312e6be3db654ca3ad17affected
LinuxLinuxbafbdd527d569c8200521f2f7579f65a044271be < bd024e36f68174b1793906c39ca16cee0c9295c2affected
LinuxLinuxbafbdd527d569c8200521f2f7579f65a044271be < aefaccd19379d6c4620269a162bfb88ff687f289affected
LinuxLinuxbafbdd527d569c8200521f2f7579f65a044271be < cb2fab10fc5e7a3aa1bb0a68a3abdcf3e37852afaffected
LinuxLinuxbafbdd527d569c8200521f2f7579f65a044271be < cbda1b16687580d5beee38273f6241ae3725960caffected
LinuxLinux4.16affected
LinuxLinux0 < 4.16unaffected
LinuxLinux4.19.228 <= 4.19.*unaffected
LinuxLinux5.4.176 <= 5.4.*unaffected
LinuxLinux5.10.96 <= 5.10.*unaffected
LinuxLinux5.15.19 <= 5.15.*unaffected
LinuxLinux5.16.5 <= 5.16.*unaffected
LinuxLinux5.17 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References