CVE-2022-49847: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:

net: ethernet: ti: am65-cpsw: Fix segmentation fault at module unload

Move am65_cpsw_nuss_phylink_cleanup() call to after am65_cpsw_nuss_cleanup_ndev() so phylink is still valid to prevent the below Segmentation fault on module remove when first slave link is up.

[ 31.652944] Unable to handle kernel paging request at virtual address 00040008000005f4
[ 31.684627] Mem abort info:
[ 31.687446] ESR = 0x0000000096000004
[ 31.704614] EC = 0x25: DABT (current EL), IL = 32 bits
[ 31.720663] SET = 0, FnV = 0
[ 31.723729] EA = 0, S1PTW = 0
[ 31.740617] FSC = 0x04: level 0 translation fault
[ 31.756624] Data abort info:
[ 31.759508] ISV = 0, ISS = 0x00000004
[ 31.776705] CM = 0, WnR = 0
[ 31.779695] [00040008000005f4] address between user and kernel address ranges
[ 31.808644] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP
[ 31.814928] Modules linked in: wlcore_sdio wl18xx wlcore mac80211 libarc4 cfg80211 rfkill crct10dif_ce phy_gmii_sel ti_am65_cpsw_nuss(-) sch_fq_codel ipv6
[ 31.828776] CPU: 0 PID: 1026 Comm: modprobe Not tainted 6.1.0-rc2-00012-gfabfcf7dafdb-dirty #160
[ 31.837547] Hardware name: Texas Instruments AM625 (DT)
[ 31.842760] pstate: 40000005 (nZcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 31.849709] pc : phy_stop+0x18/0xf8
[ 31.853202] lr : phylink_stop+0x38/0xf8
[ 31.857031] sp : ffff80000a0839f0
[ 31.860335] x29: ffff80000a0839f0 x28: ffff000000de1c80 x27: 0000000000000000
[ 31.867462] x26: 0000000000000000 x25: 0000000000000000 x24: ffff80000a083b98
[ 31.874589] x23: 0000000000000800 x22: 0000000000000001 x21: ffff000001bfba90
[ 31.881715] x20: ffff0000015ee000 x19: 0004000800000200 x18: 0000000000000000
[ 31.888842] x17: ffff800076c45000 x16: ffff800008004000 x15: 000058e39660b106
[ 31.895969] x14: 0000000000000144 x13: 0000000000000144 x12: 0000000000000000
[ 31.903095] x11: 000000000000275f x10: 00000000000009e0 x9 : ffff80000a0837d0
[ 31.910222] x8 : ffff000000de26c0 x7 : ffff00007fbd6540 x6 : ffff00007fbd64c0
[ 31.917349] x5 : ffff00007fbd0b10 x4 : ffff00007fbd0b10 x3 : ffff00007fbd3920
[ 31.924476] x2 : d0a07fcff8b8d500 x1 : 0000000000000000 x0 : 0004000800000200
[ 31.931603] Call trace:
[ 31.934042] phy_stop+0x18/0xf8
[ 31.937177] phylink_stop+0x38/0xf8
[ 31.940657] am65_cpsw_nuss_ndo_slave_stop+0x28/0x1e0 [ti_am65_cpsw_nuss]
[ 31.947452] __dev_close_many+0xa4/0x140
[ 31.951371] dev_close_many+0x84/0x128
[ 31.955115] unregister_netdevice_many+0x130/0x6d0
[ 31.959897] unregister_netdevice_queue+0x94/0xd8
[ 31.964591] unregister_netdev+0x24/0x38
[ 31.968504] am65_cpsw_nuss_cleanup_ndev.isra.0+0x48/0x70 [ti_am65_cpsw_nuss]
[ 31.975637] am65_cpsw_nuss_remove+0x58/0xf8 [ti_am65_cpsw_nuss]
AI Analysis
Technical Summary
CVE-2022-49847 is a vulnerability in the Linux kernel affecting the TI AM65 CPSW (Ethernet switch) driver module, ti_am65_cpsw_nuss. A segmentation fault occurs during module unload because the cleanup functions are called in the wrong order: am65_cpsw_nuss_phylink_cleanup() runs before am65_cpsw_nuss_cleanup_ndev(), so the phylink object is invalidated prematurely. When the first slave link is up, the call trace shows the consequence: am65_cpsw_nuss_cleanup_ndev() calls unregister_netdev(), which closes the still-open interface through am65_cpsw_nuss_ndo_slave_stop(), and phylink_stop() and phy_stop() then access the phylink that is no longer valid. The result is a kernel paging fault and a crash (kernel oops).

The kernel log shows a data abort with a level 0 translation fault on an address between the user and kernel address ranges, indicating an invalid memory access in kernel space. The problem manifests when the module is removed (unloaded) while the network interface is active, specifically on hardware platforms using the Texas Instruments AM625 SoC. The root cause is an improper resource cleanup sequence in the Ethernet driver code, which can cause system instability or denial of service due to kernel crashes. No known exploits are reported in the wild, and no CVSS score has been assigned yet. The fix reorders the cleanup calls so that phylink remains valid until all dependent resources are properly released.
Potential Impact
For European organizations, this vulnerability primarily impacts systems running Linux kernels with the affected TI AM65 CPSW Ethernet driver, which is common in embedded systems, industrial control devices, and network appliances using Texas Instruments AM625 or similar SoCs. The segmentation fault leads to kernel crashes, causing denial of service conditions. This can disrupt critical network connectivity and system availability, particularly in industrial environments, telecommunications infrastructure, or IoT deployments relying on these embedded Linux platforms. While the vulnerability does not directly expose data or allow privilege escalation, the resulting instability can interrupt operations, cause system reboots, and potentially lead to data loss or operational downtime. Organizations with embedded Linux devices in manufacturing, energy, or critical infrastructure sectors may face increased risk of service disruption. Since exploitation requires module unload while the network link is active, the attack surface is limited but still relevant for maintenance or automated module management scenarios.
Mitigation Recommendations
To mitigate this vulnerability, European organizations should:
1) Apply the vendor-provided patch or update to the Linux kernel that corrects the cleanup sequence in the TI AM65 CPSW driver as soon as it becomes available.
2) Avoid unloading the affected kernel module while the network interface is active or in use; ensure proper shutdown of network interfaces before module removal.
3) Implement monitoring and alerting for kernel oops or segmentation faults related to the ti_am65_cpsw_nuss module to detect potential exploitation or accidental triggers.
4) For embedded devices, coordinate with hardware vendors to obtain updated firmware or kernel images incorporating the fix.
5) Restrict access to module management commands (e.g., modprobe, rmmod) to trusted administrators to prevent unauthorized triggering of the vulnerability.
6) Conduct thorough testing of updated kernels in staging environments to confirm stability before deployment in production.
These steps go beyond generic advice by focusing on operational practices around module unloading and targeted monitoring for this specific driver issue.
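One way to implement the targeted monitoring in recommendation 3, added here as an example and not code from the advisory or the kernel project: it parses raw dmesg-style text and reports an oops as this bug only when the module is flagged `(-)` (being unloaded) and the frames from the call trace above appear in order. The function names `parse_oopses`, `classify` and `scan` are hypothetical, and the log format is assumed to be the one shown on this page.

```python
import re

MODULE = "ti_am65_cpsw_nuss"
# Frames from the call trace on this page, innermost first, that identify the crash.
SIGNATURE = ("phylink_stop", "am65_cpsw_nuss_cleanup_ndev", "am65_cpsw_nuss_remove")
FAULT = re.compile(r"^\[\s*([\d.]+)\]\s+Unable to handle kernel .+ at virtual address")
FRAME = re.compile(r"^\[\s*[\d.]+\]\s+([\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+(?:\s+\[(\w+)\])?\s*$")

def parse_oopses(log_text):
    """Split a kernel log into oops reports: time, unload flag, call-trace frames."""
    reports = []
    for line in log_text.splitlines():
        fault, frame = FAULT.match(line), FRAME.match(line)
        if fault:
            reports.append({"time": float(fault.group(1)), "unloading": False, "frames": []})
        elif reports and "Modules linked in:" in line:
            # "(-)" after a module name marks it as being unloaded at crash time.
            reports[-1]["unloading"] = f"{MODULE}(-)" in line
        elif reports and frame:
            reports[-1]["frames"].append((frame.group(1), frame.group(2)))
    return reports

def classify(report):
    # Drop compiler suffixes such as ".isra.0" before comparing symbol names.
    funcs = iter(re.sub(r"\.(isra|constprop|part)\.\d+$", "", fn) for fn, _ in report["frames"])
    ordered = all(sym in funcs for sym in SIGNATURE)  # in-order subsequence test
    if ordered and report["unloading"]:
        return "match"
    in_module = any(mod == MODULE for _, mod in report["frames"])
    return "module-involved" if in_module else "unrelated"

def scan(log_text):
    """Return (timestamp, verdict) for every oops found in the log text."""
    return [(r["time"], classify(r)) for r in parse_oopses(log_text)]

# First report is excerpted (module list abridged) from this page; the second is constructed.
SAMPLE = """\
[ 31.652944] Unable to handle kernel paging request at virtual address 00040008000005f4
[ 31.814928] Modules linked in: phy_gmii_sel ti_am65_cpsw_nuss(-) sch_fq_codel ipv6
[ 31.937177] phylink_stop+0x38/0xf8
[ 31.968504] am65_cpsw_nuss_cleanup_ndev.isra.0+0x48/0x70 [ti_am65_cpsw_nuss]
[ 31.975637] am65_cpsw_nuss_remove+0x58/0xf8 [ti_am65_cpsw_nuss]
[ 90.100000] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000
[ 90.100200] example_fn+0x10/0x40 [example_mod]
"""

if __name__ == "__main__":
    for when, verdict in scan(SAMPLE):
        print(f"{when:10.3f}  {verdict}")
```

A "module-involved" verdict (driver frames present, but no unload flag or a different frame order) is worth a lower-priority alert, since it points at the same driver without matching this teardown path.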
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Sweden, Finland
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2025-05-01T14:05:17.230Z
- Cisa Enriched: false
- Cvss Version: null
- State: PUBLISHED
Threat ID: 682d982cc4522896dcbe4e38
Added to database: 5/21/2025, 9:09:00 AM
Last enriched: 6/30/2025, 2:27:32 AM
Last updated: 8/15/2025, 12:23:02 AM