CVE-2022-48812: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved: net: dsa: lantiq_gswip: don't use devres for mdiobus As explained in commits: 74b6d7d13307 ("net: dsa: realtek: register the MDIO bus under devres") 5135e96a3dd2 ("net: dsa: don't allocate the slave_mii_bus using devres") mdiobus_free() will panic when called from devm_mdiobus_free() <- devres_release_all() <- __device_release_driver(), and that mdiobus was not previously unregistered. The GSWIP switch is a platform device, so the initial set of constraints that I thought would cause this (I2C or SPI buses which call ->remove on ->shutdown) do not apply. But there is one more which applies here. If the DSA master itself is on a bus that calls ->remove from ->shutdown (like dpaa2-eth, which is on the fsl-mc bus), there is a device link between the switch and the DSA master, and device_links_unbind_consumers() will unbind the GSWIP switch driver on shutdown. So the same treatment must be applied to all DSA switch drivers, which is: either use devres for both the mdiobus allocation and registration, or don't use devres at all. The gswip driver has the code structure in place for orderly mdiobus removal, so just replace devm_mdiobus_alloc() with the non-devres variant, and add manual free where necessary, to ensure that we don't let devres free a still-registered bus.
AI Analysis
Technical Summary
CVE-2022-48812 is a vulnerability identified in the Linux kernel's Distributed Switch Architecture (DSA) subsystem, specifically affecting the lantiq_gswip driver that manages the GSWIP Ethernet switch hardware. The issue arises from improper resource management related to the MDIO bus (Management Data Input/Output), which is used for communication with Ethernet PHY devices. The vulnerability is due to the incorrect use of the device resource management (devres) API for allocating and freeing the mdiobus structure. In particular, the driver uses devres to allocate the mdiobus but does not unregister it before devres attempts to free it during device shutdown. This leads to a kernel panic when mdiobus_free() is called on a still-registered bus, causing a system crash. The root cause is linked to the interaction between the DSA master device and the GSWIP switch device, where device links cause the GSWIP driver to be unbound during shutdown, triggering devres_release_all() and the problematic mdiobus_free() call. The fix involves avoiding devres for mdiobus allocation and registration in the gswip driver and instead manually managing the mdiobus lifecycle to ensure it is properly unregistered before freeing. This correction prevents the kernel panic by ensuring orderly removal of the mdiobus resource. This vulnerability affects Linux kernel versions containing the affected commits and is relevant to systems using the lantiq_gswip driver for Ethernet switching hardware. No known exploits are reported in the wild, and no CVSS score has been assigned yet.
Potential Impact
For European organizations, the impact of CVE-2022-48812 primarily concerns systems running Linux kernels with the vulnerable lantiq_gswip driver, typically embedded or network infrastructure devices such as routers, switches, or industrial control systems that utilize the GSWIP Ethernet switch hardware. A kernel panic triggered by this vulnerability results in a denial of service (DoS) condition, causing affected devices to crash and potentially reboot unexpectedly. This can disrupt network connectivity, degrade service availability, and impact critical infrastructure operations. Organizations relying on Linux-based networking equipment in sectors like telecommunications, manufacturing, energy, and public services may experience operational interruptions. Although the vulnerability does not directly lead to privilege escalation or data compromise, the availability impact can be significant in environments requiring high uptime and network reliability. The absence of known exploits reduces immediate risk, but unpatched systems remain vulnerable to accidental or malicious triggering of the kernel panic, especially during device shutdown or restart sequences. Given the widespread use of Linux in European IT and OT environments, the vulnerability poses a moderate operational risk that should be addressed promptly to maintain network stability and service continuity.
Mitigation Recommendations
To mitigate CVE-2022-48812, European organizations should: 1) Apply the latest Linux kernel patches that address the lantiq_gswip driver resource management issue as soon as they become available from trusted Linux distributions or kernel maintainers. 2) For embedded or network devices using custom or vendor-specific Linux kernels, coordinate with hardware vendors or system integrators to obtain updated firmware or kernel versions incorporating the fix. 3) Implement rigorous testing of kernel updates in controlled environments to ensure stability and compatibility before deployment in production. 4) Monitor device logs and system behavior for unexpected kernel panics or crashes related to network device shutdowns, which may indicate attempts to trigger this vulnerability. 5) Where possible, schedule device reboots or shutdowns during maintenance windows to minimize impact if a crash occurs. 6) Maintain an inventory of devices using the lantiq_gswip driver to prioritize patching and risk assessment. 7) Consider network segmentation and redundancy to reduce the operational impact of potential device outages caused by this vulnerability. These steps go beyond generic advice by focusing on vendor coordination, proactive monitoring, and operational planning tailored to the affected hardware and Linux kernel component.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland, Belgium
CVE-2022-48812: Vulnerability in Linux Linux
Description
In the Linux kernel, the following vulnerability has been resolved: net: dsa: lantiq_gswip: don't use devres for mdiobus As explained in commits: 74b6d7d13307 ("net: dsa: realtek: register the MDIO bus under devres") 5135e96a3dd2 ("net: dsa: don't allocate the slave_mii_bus using devres") mdiobus_free() will panic when called from devm_mdiobus_free() <- devres_release_all() <- __device_release_driver(), and that mdiobus was not previously unregistered. The GSWIP switch is a platform device, so the initial set of constraints that I thought would cause this (I2C or SPI buses which call ->remove on ->shutdown) do not apply. But there is one more which applies here. If the DSA master itself is on a bus that calls ->remove from ->shutdown (like dpaa2-eth, which is on the fsl-mc bus), there is a device link between the switch and the DSA master, and device_links_unbind_consumers() will unbind the GSWIP switch driver on shutdown. So the same treatment must be applied to all DSA switch drivers, which is: either use devres for both the mdiobus allocation and registration, or don't use devres at all. The gswip driver has the code structure in place for orderly mdiobus removal, so just replace devm_mdiobus_alloc() with the non-devres variant, and add manual free where necessary, to ensure that we don't let devres free a still-registered bus.
AI-Powered Analysis
Technical Analysis
CVE-2022-48812 is a vulnerability identified in the Linux kernel's Distributed Switch Architecture (DSA) subsystem, specifically affecting the lantiq_gswip driver that manages the GSWIP Ethernet switch hardware. The issue arises from improper resource management related to the MDIO bus (Management Data Input/Output), which is used for communication with Ethernet PHY devices. The vulnerability is due to the incorrect use of the device resource management (devres) API for allocating and freeing the mdiobus structure. In particular, the driver uses devres to allocate the mdiobus but does not unregister it before devres attempts to free it during device shutdown. This leads to a kernel panic when mdiobus_free() is called on a still-registered bus, causing a system crash. The root cause is linked to the interaction between the DSA master device and the GSWIP switch device, where device links cause the GSWIP driver to be unbound during shutdown, triggering devres_release_all() and the problematic mdiobus_free() call. The fix involves avoiding devres for mdiobus allocation and registration in the gswip driver and instead manually managing the mdiobus lifecycle to ensure it is properly unregistered before freeing. This correction prevents the kernel panic by ensuring orderly removal of the mdiobus resource. This vulnerability affects Linux kernel versions containing the affected commits and is relevant to systems using the lantiq_gswip driver for Ethernet switching hardware. No known exploits are reported in the wild, and no CVSS score has been assigned yet.
Potential Impact
For European organizations, the impact of CVE-2022-48812 primarily concerns systems running Linux kernels with the vulnerable lantiq_gswip driver, typically embedded or network infrastructure devices such as routers, switches, or industrial control systems that utilize the GSWIP Ethernet switch hardware. A kernel panic triggered by this vulnerability results in a denial of service (DoS) condition, causing affected devices to crash and potentially reboot unexpectedly. This can disrupt network connectivity, degrade service availability, and impact critical infrastructure operations. Organizations relying on Linux-based networking equipment in sectors like telecommunications, manufacturing, energy, and public services may experience operational interruptions. Although the vulnerability does not directly lead to privilege escalation or data compromise, the availability impact can be significant in environments requiring high uptime and network reliability. The absence of known exploits reduces immediate risk, but unpatched systems remain vulnerable to accidental or malicious triggering of the kernel panic, especially during device shutdown or restart sequences. Given the widespread use of Linux in European IT and OT environments, the vulnerability poses a moderate operational risk that should be addressed promptly to maintain network stability and service continuity.
Mitigation Recommendations
To mitigate CVE-2022-48812, European organizations should: 1) Apply the latest Linux kernel patches that address the lantiq_gswip driver resource management issue as soon as they become available from trusted Linux distributions or kernel maintainers. 2) For embedded or network devices using custom or vendor-specific Linux kernels, coordinate with hardware vendors or system integrators to obtain updated firmware or kernel versions incorporating the fix. 3) Implement rigorous testing of kernel updates in controlled environments to ensure stability and compatibility before deployment in production. 4) Monitor device logs and system behavior for unexpected kernel panics or crashes related to network device shutdowns, which may indicate attempts to trigger this vulnerability. 5) Where possible, schedule device reboots or shutdowns during maintenance windows to minimize impact if a crash occurs. 6) Maintain an inventory of devices using the lantiq_gswip driver to prioritize patching and risk assessment. 7) Consider network segmentation and redundancy to reduce the operational impact of potential device outages caused by this vulnerability. These steps go beyond generic advice by focusing on vendor coordination, proactive monitoring, and operational planning tailored to the affected hardware and Linux kernel component.
Affected Countries
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- Linux
- Date Reserved
- 2024-07-16T11:38:08.898Z
- Cisa Enriched
- true
- Cvss Version
- null
- State
- PUBLISHED
Threat ID: 682d982ec4522896dcbe6254
Added to database: 5/21/2025, 9:09:02 AM
Last enriched: 6/30/2025, 9:57:59 PM
Last updated: 8/2/2025, 12:24:11 PM
Views: 11
Related Threats
CVE-2025-8932: SQL Injection in 1000 Projects Sales Management System
MediumCVE-2025-8931: SQL Injection in code-projects Medical Store Management System
MediumCVE-2025-8930: SQL Injection in code-projects Medical Store Management System
MediumCVE-2025-50610: n/a
HighCVE-2025-50609: n/a
HighActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.