CVE-2022-48808: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved: net: dsa: fix panic when DSA master device unbinds on shutdown Rafael reports that on a system with LX2160A and Marvell DSA switches, if a reboot occurs while the DSA master (dpaa2-eth) is up, the following panic can be seen: systemd-shutdown[1]: Rebooting. Unable to handle kernel paging request at virtual address 00a0000800000041 [00a0000800000041] address between user and kernel address ranges Internal error: Oops: 96000004 [#1] PREEMPT SMP CPU: 6 PID: 1 Comm: systemd-shutdow Not tainted 5.16.5-00042-g8f5585009b24 #32 pc : dsa_slave_netdevice_event+0x130/0x3e4 lr : raw_notifier_call_chain+0x50/0x6c Call trace: dsa_slave_netdevice_event+0x130/0x3e4 raw_notifier_call_chain+0x50/0x6c call_netdevice_notifiers_info+0x54/0xa0 __dev_close_many+0x50/0x130 dev_close_many+0x84/0x120 unregister_netdevice_many+0x130/0x710 unregister_netdevice_queue+0x8c/0xd0 unregister_netdev+0x20/0x30 dpaa2_eth_remove+0x68/0x190 fsl_mc_driver_remove+0x20/0x5c __device_release_driver+0x21c/0x220 device_release_driver_internal+0xac/0xb0 device_links_unbind_consumers+0xd4/0x100 __device_release_driver+0x94/0x220 device_release_driver+0x28/0x40 bus_remove_device+0x118/0x124 device_del+0x174/0x420 fsl_mc_device_remove+0x24/0x40 __fsl_mc_device_remove+0xc/0x20 device_for_each_child+0x58/0xa0 dprc_remove+0x90/0xb0 fsl_mc_driver_remove+0x20/0x5c __device_release_driver+0x21c/0x220 device_release_driver+0x28/0x40 bus_remove_device+0x118/0x124 device_del+0x174/0x420 fsl_mc_bus_remove+0x80/0x100 fsl_mc_bus_shutdown+0xc/0x1c platform_shutdown+0x20/0x30 device_shutdown+0x154/0x330 __do_sys_reboot+0x1cc/0x250 __arm64_sys_reboot+0x20/0x30 invoke_syscall.constprop.0+0x4c/0xe0 do_el0_svc+0x4c/0x150 el0_svc+0x24/0xb0 el0t_64_sync_handler+0xa8/0xb0 el0t_64_sync+0x178/0x17c It can be seen from the stack trace that the problem is that the deregistration of the master causes a dev_close(), which gets notified as NETDEV_GOING_DOWN to dsa_slave_netdevice_event(). But dsa_switch_shutdown() has already run, and this has unregistered the DSA slave interfaces, and yet, the NETDEV_GOING_DOWN handler attempts to call dev_close_many() on those slave interfaces, leading to the problem. The previous attempt to avoid the NETDEV_GOING_DOWN on the master after dsa_switch_shutdown() was called seems improper. Unregistering the slave interfaces is unnecessary and unhelpful. Instead, after the slaves have stopped being uppers of the DSA master, we can now reset to NULL the master->dsa_ptr pointer, which will make DSA start ignoring all future notifier events on the master.
AI Analysis
Technical Summary
CVE-2022-48808 is a vulnerability identified in the Linux kernel specifically affecting systems using Distributed Switch Architecture (DSA) with Marvell DPAA2 Ethernet switches, such as those found in LX2160A platforms. The flaw manifests during system shutdown or reboot sequences when the DSA master network device (dpaa2-eth) is active. The root cause is a race condition and improper handling of network device deregistration events. When the DSA master device unbinds during shutdown, the kernel attempts to close network interfaces that have already been unregistered, leading to a kernel panic due to an invalid memory access. The panic occurs in the function dsa_slave_netdevice_event(), which handles NETDEV_GOING_DOWN notifications. The issue arises because after the DSA slave interfaces are unregistered by dsa_switch_shutdown(), the NETDEV_GOING_DOWN handler still attempts to close these now non-existent slave interfaces, causing a use-after-free or null pointer dereference. The vulnerability is triggered by a reboot or shutdown event and results in a denial of service (DoS) via kernel panic, which halts the system. The fix involves resetting the master->dsa_ptr pointer to NULL after slaves stop being uppers of the DSA master, preventing further notifier events on the master device and avoiding the panic. This vulnerability affects specific Linux kernel versions incorporating the affected DSA driver code and is relevant to embedded or specialized systems using Marvell DPAA2 Ethernet switches. No known exploits are reported in the wild, and no CVSS score has been assigned yet.
Potential Impact
For European organizations, the primary impact of CVE-2022-48808 is a potential denial of service on Linux-based embedded systems or network devices using Marvell DPAA2 Ethernet switches with the DSA framework. This could disrupt critical infrastructure or industrial control systems relying on such hardware, causing unexpected reboots or system halts during shutdown or reboot operations. Enterprises deploying network appliances, telecommunications equipment, or specialized Linux-based devices in sectors such as manufacturing, energy, or telecommunications could face operational interruptions. While this vulnerability does not directly lead to remote code execution or data breach, the resulting kernel panic can cause downtime and affect availability of services. Organizations with automated reboot or shutdown procedures might experience repeated failures, impacting maintenance windows or system updates. The vulnerability is less likely to affect general-purpose Linux servers or desktops, limiting its scope primarily to embedded or specialized network hardware. However, given the critical role of network infrastructure in European digital ecosystems, even localized DoS conditions can have cascading effects on business continuity and service reliability.
Mitigation Recommendations
To mitigate CVE-2022-48808, organizations should: 1) Identify Linux systems using the LX2160A platform or other hardware with Marvell DPAA2 Ethernet switches and verify if the kernel version includes the vulnerable DSA driver code. 2) Apply the official Linux kernel patches that reset the master->dsa_ptr pointer after slave interfaces are detached, as incorporated in kernel versions released after this vulnerability was disclosed. 3) If immediate patching is not feasible, avoid rebooting or shutting down affected systems while the DSA master device is active, or implement controlled shutdown sequences that ensure DSA interfaces are properly quiesced before reboot. 4) Monitor system logs for kernel panics or Oops messages related to dsa_slave_netdevice_event or dpaa2_eth drivers to detect potential triggering of this issue. 5) Engage with hardware vendors or Linux distribution maintainers for updated kernel releases or backported fixes tailored to embedded platforms. 6) Incorporate this vulnerability into incident response and maintenance planning to minimize operational impact during patch deployment. 7) Consider network segmentation or redundancy to isolate affected devices and maintain service availability during remediation.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland, Sweden, Finland
CVE-2022-48808: Vulnerability in Linux Linux
Description
In the Linux kernel, the following vulnerability has been resolved: net: dsa: fix panic when DSA master device unbinds on shutdown Rafael reports that on a system with LX2160A and Marvell DSA switches, if a reboot occurs while the DSA master (dpaa2-eth) is up, the following panic can be seen: systemd-shutdown[1]: Rebooting. Unable to handle kernel paging request at virtual address 00a0000800000041 [00a0000800000041] address between user and kernel address ranges Internal error: Oops: 96000004 [#1] PREEMPT SMP CPU: 6 PID: 1 Comm: systemd-shutdow Not tainted 5.16.5-00042-g8f5585009b24 #32 pc : dsa_slave_netdevice_event+0x130/0x3e4 lr : raw_notifier_call_chain+0x50/0x6c Call trace: dsa_slave_netdevice_event+0x130/0x3e4 raw_notifier_call_chain+0x50/0x6c call_netdevice_notifiers_info+0x54/0xa0 __dev_close_many+0x50/0x130 dev_close_many+0x84/0x120 unregister_netdevice_many+0x130/0x710 unregister_netdevice_queue+0x8c/0xd0 unregister_netdev+0x20/0x30 dpaa2_eth_remove+0x68/0x190 fsl_mc_driver_remove+0x20/0x5c __device_release_driver+0x21c/0x220 device_release_driver_internal+0xac/0xb0 device_links_unbind_consumers+0xd4/0x100 __device_release_driver+0x94/0x220 device_release_driver+0x28/0x40 bus_remove_device+0x118/0x124 device_del+0x174/0x420 fsl_mc_device_remove+0x24/0x40 __fsl_mc_device_remove+0xc/0x20 device_for_each_child+0x58/0xa0 dprc_remove+0x90/0xb0 fsl_mc_driver_remove+0x20/0x5c __device_release_driver+0x21c/0x220 device_release_driver+0x28/0x40 bus_remove_device+0x118/0x124 device_del+0x174/0x420 fsl_mc_bus_remove+0x80/0x100 fsl_mc_bus_shutdown+0xc/0x1c platform_shutdown+0x20/0x30 device_shutdown+0x154/0x330 __do_sys_reboot+0x1cc/0x250 __arm64_sys_reboot+0x20/0x30 invoke_syscall.constprop.0+0x4c/0xe0 do_el0_svc+0x4c/0x150 el0_svc+0x24/0xb0 el0t_64_sync_handler+0xa8/0xb0 el0t_64_sync+0x178/0x17c It can be seen from the stack trace that the problem is that the deregistration of the master causes a dev_close(), which gets notified as NETDEV_GOING_DOWN to dsa_slave_netdevice_event(). But dsa_switch_shutdown() has already run, and this has unregistered the DSA slave interfaces, and yet, the NETDEV_GOING_DOWN handler attempts to call dev_close_many() on those slave interfaces, leading to the problem. The previous attempt to avoid the NETDEV_GOING_DOWN on the master after dsa_switch_shutdown() was called seems improper. Unregistering the slave interfaces is unnecessary and unhelpful. Instead, after the slaves have stopped being uppers of the DSA master, we can now reset to NULL the master->dsa_ptr pointer, which will make DSA start ignoring all future notifier events on the master.
AI-Powered Analysis
Technical Analysis
CVE-2022-48808 is a vulnerability identified in the Linux kernel specifically affecting systems using Distributed Switch Architecture (DSA) with Marvell DPAA2 Ethernet switches, such as those found in LX2160A platforms. The flaw manifests during system shutdown or reboot sequences when the DSA master network device (dpaa2-eth) is active. The root cause is a race condition and improper handling of network device deregistration events. When the DSA master device unbinds during shutdown, the kernel attempts to close network interfaces that have already been unregistered, leading to a kernel panic due to an invalid memory access. The panic occurs in the function dsa_slave_netdevice_event(), which handles NETDEV_GOING_DOWN notifications. The issue arises because after the DSA slave interfaces are unregistered by dsa_switch_shutdown(), the NETDEV_GOING_DOWN handler still attempts to close these now non-existent slave interfaces, causing a use-after-free or null pointer dereference. The vulnerability is triggered by a reboot or shutdown event and results in a denial of service (DoS) via kernel panic, which halts the system. The fix involves resetting the master->dsa_ptr pointer to NULL after slaves stop being uppers of the DSA master, preventing further notifier events on the master device and avoiding the panic. This vulnerability affects specific Linux kernel versions incorporating the affected DSA driver code and is relevant to embedded or specialized systems using Marvell DPAA2 Ethernet switches. No known exploits are reported in the wild, and no CVSS score has been assigned yet.
Potential Impact
For European organizations, the primary impact of CVE-2022-48808 is a potential denial of service on Linux-based embedded systems or network devices using Marvell DPAA2 Ethernet switches with the DSA framework. This could disrupt critical infrastructure or industrial control systems relying on such hardware, causing unexpected reboots or system halts during shutdown or reboot operations. Enterprises deploying network appliances, telecommunications equipment, or specialized Linux-based devices in sectors such as manufacturing, energy, or telecommunications could face operational interruptions. While this vulnerability does not directly lead to remote code execution or data breach, the resulting kernel panic can cause downtime and affect availability of services. Organizations with automated reboot or shutdown procedures might experience repeated failures, impacting maintenance windows or system updates. The vulnerability is less likely to affect general-purpose Linux servers or desktops, limiting its scope primarily to embedded or specialized network hardware. However, given the critical role of network infrastructure in European digital ecosystems, even localized DoS conditions can have cascading effects on business continuity and service reliability.
Mitigation Recommendations
To mitigate CVE-2022-48808, organizations should: 1) Identify Linux systems using the LX2160A platform or other hardware with Marvell DPAA2 Ethernet switches and verify if the kernel version includes the vulnerable DSA driver code. 2) Apply the official Linux kernel patches that reset the master->dsa_ptr pointer after slave interfaces are detached, as incorporated in kernel versions released after this vulnerability was disclosed. 3) If immediate patching is not feasible, avoid rebooting or shutting down affected systems while the DSA master device is active, or implement controlled shutdown sequences that ensure DSA interfaces are properly quiesced before reboot. 4) Monitor system logs for kernel panics or Oops messages related to dsa_slave_netdevice_event or dpaa2_eth drivers to detect potential triggering of this issue. 5) Engage with hardware vendors or Linux distribution maintainers for updated kernel releases or backported fixes tailored to embedded platforms. 6) Incorporate this vulnerability into incident response and maintenance planning to minimize operational impact during patch deployment. 7) Consider network segmentation or redundancy to isolate affected devices and maintain service availability during remediation.
Affected Countries
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- Linux
- Date Reserved
- 2024-07-16T11:38:08.896Z
- Cisa Enriched
- true
- Cvss Version
- null
- State
- PUBLISHED
Threat ID: 682d982ec4522896dcbe6230
Added to database: 5/21/2025, 9:09:02 AM
Last enriched: 6/30/2025, 9:55:52 PM
Last updated: 8/15/2025, 4:06:24 AM
Views: 14
Related Threats
CVE-2025-9109: Observable Response Discrepancy in Portabilis i-Diario
MediumCVE-2025-9108: Improper Restriction of Rendered UI Layers in Portabilis i-Diario
MediumCVE-2025-9107: Cross Site Scripting in Portabilis i-Diario
MediumCVE-2025-9106: Cross Site Scripting in Portabilis i-Diario
MediumCVE-2025-9105: Cross Site Scripting in Portabilis i-Diario
MediumActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.