CVE-2022-48818: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:

net: dsa: mv88e6xxx: don't use devres for mdiobus

As explained in commits:
74b6d7d13307 ("net: dsa: realtek: register the MDIO bus under devres")
5135e96a3dd2 ("net: dsa: don't allocate the slave_mii_bus using devres")

mdiobus_free() will panic when called from devm_mdiobus_free() <- devres_release_all() <- __device_release_driver(), and that mdiobus was not previously unregistered.

The mv88e6xxx is an MDIO device, so the initial set of constraints that I thought would cause this (I2C or SPI buses which call ->remove on ->shutdown) do not apply. But there is one more which applies here.

If the DSA master itself is on a bus that calls ->remove from ->shutdown (like dpaa2-eth, which is on the fsl-mc bus), there is a device link between the switch and the DSA master, and device_links_unbind_consumers() will unbind the Marvell switch driver on shutdown.

    systemd-shutdown[1]: Powering off.
    mv88e6085 0x0000000008b96000:00 sw_gl0: Link is Down
    fsl-mc dpbp.9: Removing from iommu group 7
    fsl-mc dpbp.8: Removing from iommu group 7
    ------------[ cut here ]------------
    kernel BUG at drivers/net/phy/mdio_bus.c:677!
    Internal error: Oops - BUG: 0 [#1] PREEMPT SMP
    Modules linked in:
    CPU: 0 PID: 1 Comm: systemd-shutdow Not tainted 5.16.5-00040-gdc05f73788e5 #15
    pc : mdiobus_free+0x44/0x50
    lr : devm_mdiobus_free+0x10/0x20
    Call trace:
     mdiobus_free+0x44/0x50
     devm_mdiobus_free+0x10/0x20
     devres_release_all+0xa0/0x100
     __device_release_driver+0x190/0x220
     device_release_driver_internal+0xac/0xb0
     device_links_unbind_consumers+0xd4/0x100
     __device_release_driver+0x4c/0x220
     device_release_driver_internal+0xac/0xb0
     device_links_unbind_consumers+0xd4/0x100
     __device_release_driver+0x94/0x220
     device_release_driver+0x28/0x40
     bus_remove_device+0x118/0x124
     device_del+0x174/0x420
     fsl_mc_device_remove+0x24/0x40
     __fsl_mc_device_remove+0xc/0x20
     device_for_each_child+0x58/0xa0
     dprc_remove+0x90/0xb0
     fsl_mc_driver_remove+0x20/0x5c
     __device_release_driver+0x21c/0x220
     device_release_driver+0x28/0x40
     bus_remove_device+0x118/0x124
     device_del+0x174/0x420
     fsl_mc_bus_remove+0x80/0x100
     fsl_mc_bus_shutdown+0xc/0x1c
     platform_shutdown+0x20/0x30
     device_shutdown+0x154/0x330
     kernel_power_off+0x34/0x6c
     __do_sys_reboot+0x15c/0x250
     __arm64_sys_reboot+0x20/0x30
     invoke_syscall.constprop.0+0x4c/0xe0
     do_el0_svc+0x4c/0x150
     el0_svc+0x24/0xb0
     el0t_64_sync_handler+0xa8/0xb0
     el0t_64_sync+0x178/0x17c

So the same treatment must be applied to all DSA switch drivers, which is: either use devres for both the mdiobus allocation and registration, or don't use devres at all.

The Marvell driver already has a good structure for mdiobus removal, so just plug in mdiobus_free and get rid of devres.
AI Analysis
Technical Summary
CVE-2022-48818 is a vulnerability in the Linux kernel affecting the Distributed Switch Architecture (DSA) subsystem, specifically the mv88e6xxx driver used for Marvell Ethernet switches. It stems from inconsistent use of the devres (managed device resource) API for the MDIO bus (mdiobus) lifecycle: when the driver is released, devres_release_all() calls devm_mdiobus_free(), which calls mdiobus_free() on an mdiobus that was not previously unregistered, and mdiobus_free() hits a kernel BUG.

This occurs in scenarios where the DSA master device resides on a bus that invokes the ->remove callback during shutdown (e.g., dpaa2-eth on the fsl-mc bus). The device link between the switch and the DSA master causes device_links_unbind_consumers() to unbind the Marvell switch driver during shutdown, triggering the faulty mdiobus_free() call. The resulting kernel panic manifests as an internal error and system crash during shutdown or reboot, impacting system stability and availability.

The fix is to manage the mdiobus consistently: either use devres for both allocation and registration, or do not use devres at all. For mv88e6xxx, the driver's existing structure for mdiobus removal is used to call mdiobus_free() directly, and devres is dropped. This vulnerability does not appear to have known exploits in the wild and primarily affects Linux kernel versions containing the affected driver code prior to the fix. It is a logic error in kernel device resource management rather than a memory corruption or privilege escalation flaw.
Potential Impact
For European organizations relying on Linux-based systems with Marvell Ethernet switches managed via the DSA subsystem—common in embedded systems, network appliances, and industrial control devices—this vulnerability can cause unexpected kernel panics during system shutdown or reboot. This leads to potential denial of service (DoS) conditions, disrupting maintenance operations, automated updates, or controlled shutdowns. In critical infrastructure environments such as telecommunications, manufacturing, or data centers, such instability can result in operational downtime, increased maintenance costs, and potential cascading failures if automated recovery is not in place. While the vulnerability does not directly expose confidentiality or integrity risks, the availability impact can be significant, especially in systems requiring high uptime or those that perform frequent reboots. The lack of known exploits reduces immediate risk, but unpatched systems remain vulnerable to accidental crashes or targeted shutdown disruptions by insiders or attackers with system access. European organizations with embedded Linux devices or network infrastructure using affected kernel versions should prioritize patching to maintain operational reliability.
Mitigation Recommendations
1. Apply the official Linux kernel patches that correct the mdiobus resource management in the mv88e6xxx driver and related DSA switch drivers. Ensure kernel versions are updated to include the fix described in the commit history referenced by CVE-2022-48818.
2. For systems where immediate patching is not feasible, implement controlled shutdown procedures that avoid triggering the vulnerable code path, such as avoiding forced reboots or shutdowns that invoke device removal callbacks on the fsl-mc bus.
3. Monitor system logs for kernel BUG messages related to mdiobus_free or device release during shutdown to detect potential triggering of this issue.
4. For embedded or industrial devices, coordinate with hardware vendors to obtain firmware or kernel updates incorporating the fix.
5. Harden system access controls to prevent unauthorized users from initiating shutdowns or reboots that could exploit this vulnerability to cause denial of service.
6. Incorporate kernel crash recovery mechanisms and watchdog timers to minimize downtime in case of unexpected panics.
7. Conduct thorough testing of updated kernels in staging environments to verify stability before deployment in production.
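One way to implement the log check from recommendation 3, as an added example that is not part of the original advisory or the kernel project: it scans kernel log lines for a BUG in drivers/net/phy/mdio_bus.c and reports whether the call trace passes through the devres release path shown in the description. SAMPLE_LOG is constructed (the first report is abridged from the trace in the description; the second report, its line number and example_driver_remove are invented).

```python
import re

# BUG line; the line number (677 in the report above) differs between kernel versions.
BUG_RE = re.compile(r"kernel BUG at (drivers/net/phy/mdio_bus\.c:\d+)!")
# One backtrace frame such as "mdiobus_free+0x44/0x50".
FRAME_RE = re.compile(r"([A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+")
# Innermost-first frames of the devres teardown path shown in the report.
DEVRES_CHAIN = ["mdiobus_free", "devm_mdiobus_free", "devres_release_all"]

def in_order(needle, haystack):
    it = iter(haystack)  # shared iterator, so each match must follow the previous one
    return all(sym in it for sym in needle)

def find_mdiobus_bugs(lines):
    """Return one finding per mdio_bus.c BUG with the call-trace frames after it."""
    findings, current, in_trace = [], None, False
    for raw in lines:
        bug = BUG_RE.search(raw)
        if bug:
            current, in_trace = {"location": bug.group(1), "frames": []}, False
            findings.append(current)
        elif current is None or "cut here" in raw or "end trace" in raw:
            current = None  # outside a matching report, or that report has ended
        elif "call trace:" in raw.lower():
            in_trace = True  # the pc/lr register lines before this are skipped
        elif in_trace:
            current["frames"] += FRAME_RE.findall(raw)
    for f in findings:
        f["devres_path"] = in_order(DEVRES_CHAIN, f["frames"])
    return findings

# Constructed sample log (see the note above the block).
SAMPLE_LOG = """\
[  71.10] ------------[ cut here ]------------
[  71.10] kernel BUG at drivers/net/phy/mdio_bus.c:677!
[  71.11] pc : mdiobus_free+0x44/0x50
[  71.11] Call trace:
[  71.11]  mdiobus_free+0x44/0x50
[  71.11]  devm_mdiobus_free+0x10/0x20
[  71.11]  devres_release_all+0xa0/0x100
[  71.12] ------------[ cut here ]------------
[  71.12] kernel BUG at drivers/net/phy/mdio_bus.c:600!
[  71.12] Call trace:
[  71.12]  mdiobus_free+0x44/0x50
[  71.12]  example_driver_remove+0x20/0x40
""".splitlines()

if __name__ == "__main__":
    print([(f["location"], f["devres_path"]) for f in find_mdiobus_bugs(SAMPLE_LOG)])
```

A finding with devres_path set to True matches the signature in this CVE's description; one with False is an mdio_bus.c BUG reached some other way and needs separate triage.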
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland, Sweden, Finland, Belgium
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2024-07-16T11:38:08.900Z
- Cisa Enriched: true
- Cvss Version: null
- State: PUBLISHED
Threat ID: 682d982ec4522896dcbe6278
Added to database: 5/21/2025, 9:09:02 AM
Last enriched: 6/30/2025, 10:11:32 PM
Last updated: 8/4/2025, 7:48:23 AM