CVE-2022-48961
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: mdio: fix unbalanced fwnode reference count in mdio_device_release()
There is warning report about of_node refcount leak while probing mdio device:
OF: ERROR: memory leak, expected refcount 1 instead of 2, of_node_get()/of_node_put() unbalanced - destroy cset entry: attach overlay node /spi/soc@0/mdio@710700c0/ethernet@4
In of_mdiobus_register_device(), we increase fwnode refcount by fwnode_handle_get() before associating the of_node with mdio device, but it has never been decreased in normal path. Since that, in mdio_device_release(), it needs to call fwnode_handle_put() in addition instead of calling kfree() directly.
After above, just calling mdio_device_free() in the error handle path of of_mdiobus_register_device() is enough to keep the refcount balanced.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | a9049e0c513c4521dbfaa302af8ed08b3366b41f < 16854177745a5648f8ec322353b432e18460f43a | affected |
| Linux | Linux | a9049e0c513c4521dbfaa302af8ed08b3366b41f < a5c6de1a6656b8cc6bce7cb3d9874dd7df4968c3 | affected |
| Linux | Linux | a9049e0c513c4521dbfaa302af8ed08b3366b41f < cb37617687f2bfa5b675df7779f869147c9002bd | affected |
| Linux | Linux | 4.5 | affected |
| Linux | Linux | 0 < 4.5 | unaffected |
| Linux | Linux | 5.15.83 <= 5.15.* | unaffected |
| Linux | Linux | 6.0.13 <= 6.0.* | unaffected |
| Linux | Linux | 6.1 <= * | unaffected |
Weaknesses
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://git.kernel.org/stable/c/16854177745a5648f8ec322353b432e18460f43a
- https://git.kernel.org/stable/c/a5c6de1a6656b8cc6bce7cb3d9874dd7df4968c3
- https://git.kernel.org/stable/c/cb37617687f2bfa5b675df7779f869147c9002bd
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.