CVE-2022-48754

2024-06-2012:15:13

CWE-416

Linux

web.nvd.nist.gov

linux kernel

phylib

vulnerability

CVSS3

8.4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

6.6

Confidence

Low

EPSS

Percentile

10.4%

JSON

In the Linux kernel, the following vulnerability has been resolved:

phylib: fix potential use-after-free

Commit bafbdd527d56 (“phylib: Add device reset GPIO support”) added call
to phy_device_reset(phydev) after the put_device() call in phy_detach().

The comment before the put_device() call says that the phydev might go
away with put_device().

Fix potential use-after-free by calling phy_device_reset() before
put_device().

Affected configurations

Vulners

Node

linuxlinux_kernelRange4.16–4.19.228

linuxlinux_kernelRange4.20.0–5.4.176

linuxlinux_kernelRange5.5.0–5.10.96

linuxlinux_kernelRange5.11.0–5.15.19

linuxlinux_kernelRange5.16.0–5.16.5

linuxlinux_kernelRange5.17.0≥

VendorProductVersionCPE
linuxlinux_kernel*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
linux	linux_kernel	*	cpe:2.3:o:linux:linux_kernel::::::::

CNA Affected

[
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "unaffected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "drivers/net/phy/phy_device.c"
    ],
    "versions": [
      {
        "version": "bafbdd527d56",
        "lessThan": "67d271760b03",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "bafbdd527d56",
        "lessThan": "f39027cbada4",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "bafbdd527d56",
        "lessThan": "bd024e36f681",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "bafbdd527d56",
        "lessThan": "aefaccd19379",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "bafbdd527d56",
        "lessThan": "cb2fab10fc5e",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "bafbdd527d56",
        "lessThan": "cbda1b166875",
        "status": "affected",
        "versionType": "git"
      }
    ]
  },
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "affected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "drivers/net/phy/phy_device.c"
    ],
    "versions": [
      {
        "version": "4.16",
        "status": "affected"
      },
      {
        "version": "0",
        "lessThan": "4.16",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "4.19.228",
        "lessThanOrEqual": "4.19.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.4.176",
        "lessThanOrEqual": "5.4.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.10.96",
        "lessThanOrEqual": "5.10.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.15.19",
        "lessThanOrEqual": "5.15.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.16.5",
        "lessThanOrEqual": "5.16.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.17",
        "lessThanOrEqual": "*",
        "status": "unaffected",
        "versionType": "original_commit_for_fix"
      }
    ]
  }
]