{"vulnerability": "CVE-2022-48818", "sightings": [{"uuid": "b4332cdf-15ed-4b89-a379-206fb35a880f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-48818", "type": "seen", "source": "https://t.me/cvedetector/947", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2022-48818 - Marvell mv88e6xxx MDIO Bus Device Free of Charge Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2022-48818 \nPublished : July 16, 2024, 12:15 p.m. | 43\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nnet: dsa: mv88e6xxx: don't use devres for mdiobus  \n  \nAs explained in commits:  \n74b6d7d13307 (\"net: dsa: realtek: register the MDIO bus under devres\")  \n5135e96a3dd2 (\"net: dsa: don't allocate the slave_mii_bus using devres\")  \n  \nmdiobus_free() will panic when called from devm_mdiobus_free() remove on  \n->shutdown) do not apply. But there is one more which applies here.  \n  \nIf the DSA master itself is on a bus that calls ->remove from ->shutdown  \n(like dpaa2-eth, which is on the fsl-mc bus), there is a device link  \nbetween the switch and the DSA master, and device_links_unbind_consumers()  \nwill unbind the Marvell switch driver on shutdown.  \n  \nsystemd-shutdown[1]: Powering off.  \nmv88e6085 0x0000000008b96000:00 sw_gl0: Link is Down  \nfsl-mc dpbp.9: Removing from iommu group 7  \nfsl-mc dpbp.8: Removing from iommu group 7  \n------------[ cut here ]------------  \nkernel BUG at drivers/net/phy/mdio_bus.c:677!  \nInternal error: Oops - BUG: 0 [#1] PREEMPT SMP  \nModules linked in:  \nCPU: 0 PID: 1 Comm: systemd-shutdow Not tainted 5.16.5-00040-gdc05f73788e5 #15  \npc : mdiobus_free+0x44/0x50  \nlr : devm_mdiobus_free+0x10/0x20  \nCall trace:  \n mdiobus_free+0x44/0x50  \n devm_mdiobus_free+0x10/0x20  \n devres_release_all+0xa0/0x100  \n __device_release_driver+0x190/0x220  \n device_release_driver_internal+0xac/0xb0  \n device_links_unbind_consumers+0xd4/0x100  \n __device_release_driver+0x4c/0x220  \n device_release_driver_internal+0xac/0xb0  \n device_links_unbind_consumers+0xd4/0x100  \n __device_release_driver+0x94/0x220  \n device_release_driver+0x28/0x40  \n bus_remove_device+0x118/0x124  \n device_del+0x174/0x420  \n fsl_mc_device_remove+0x24/0x40  \n __fsl_mc_device_remove+0xc/0x20  \n device_for_each_child+0x58/0xa0  \n dprc_remove+0x90/0xb0  \n fsl_mc_driver_remove+0x20/0x5c  \n __device_release_driver+0x21c/0x220  \n device_release_driver+0x28/0x40  \n bus_remove_device+0x118/0x124  \n device_del+0x174/0x420  \n fsl_mc_bus_remove+0x80/0x100  \n fsl_mc_bus_shutdown+0xc/0x1c  \n platform_shutdown+0x20/0x30  \n device_shutdown+0x154/0x330  \n kernel_power_off+0x34/0x6c  \n __do_sys_reboot+0x15c/0x250  \n __arm64_sys_reboot+0x20/0x30  \n invoke_syscall.constprop.0+0x4c/0xe0  \n do_el0_svc+0x4c/0x150  \n el0_svc+0x24/0xb0  \n el0t_64_sync_handler+0xa8/0xb0  \n el0t_64_sync+0x178/0x17c  \n  \nSo the same treatment must be applied to all DSA switch drivers, which  \nis: either use devres for both the mdiobus allocation and registration,  \nor don't use devres at all.  \n  \nThe Marvell driver already has a good structure for mdiobus removal, so  \njust plug in mdiobus_free and get rid of devres. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"16 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-16T15:26:36.000000Z"}]}