CVE-2022-49061

Summary

In the Linux kernel, the following vulnerability has been resolved:

net: ethernet: stmmac: fix altr_tse_pcs function when using a fixed-link

When using a fixed-link, the altr_tse_pcs driver crashes due to null-pointer dereference as no phy_device is provided to tse_pcs_fix_mac_speed function. Fix this by adding a check for phy_dev before calling the tse_pcs_fix_mac_speed() function.

Also clean up the tse_pcs_fix_mac_speed function a bit. There is no need to check for splitter_base and sgmii_adapter_base because the driver will fail if these 2 variables are not derived from the device tree.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxfb3bbdb859891e6bc27fd1afb3a07319f82c2ee4 < 7e59fdf9547c4f948d1d917ec7ffa5fb5ac53bdbaffected
LinuxLinuxfb3bbdb859891e6bc27fd1afb3a07319f82c2ee4 < 08d5e3e954537931c8da7428034808d202e98299affected
LinuxLinuxfb3bbdb859891e6bc27fd1afb3a07319f82c2ee4 < 62a48383ebe2e159fd68425dd3e16d4c6bd6599aaffected
LinuxLinuxfb3bbdb859891e6bc27fd1afb3a07319f82c2ee4 < 6c020f05253df04c3480b586fe188a3582740049affected
LinuxLinuxfb3bbdb859891e6bc27fd1afb3a07319f82c2ee4 < a6aaa00324240967272b451bfa772547bd576ee6affected
LinuxLinux4.8affected
LinuxLinux0 < 4.8unaffected
LinuxLinux5.4.190 <= 5.4.*unaffected
LinuxLinux5.10.112 <= 5.10.*unaffected
LinuxLinux5.15.35 <= 5.15.*unaffected
LinuxLinux5.17.4 <= 5.17.*unaffected
LinuxLinux5.18 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References