Mondoo

Vulnerability Management
Technology
Services

Solutions

Financial Services
Manufacturing
Healthcare

Resources

Blog
Vulnerability Database
Documentation
GitHub

Company

About
Careers
Partners
Contact

Legal

Privacy
Terms
Imprint

Vulnerability IntelligenceCVE-2022-48754

CVE-2022-48754

HIGH8.4

phylib: fix potential use-after-free

Published Jun 20, 2024

Modified 12 months ago

Details

In the Linux kernel, the following vulnerability has been resolved:

phylib: fix potential use-after-free

Commit bafbdd527d56 ("phylib: Add device reset GPIO support") added call to phy_device_reset(phydev) after the put_device() call in phy_detach().

The comment before the put_device() call says that the phydev might go away with put_device().

Fix potential use-after-free by calling phy_device_reset() before put_device().

References

WEB

https://git.kernel.org/stable/c/67d271760b037ce0806d687ee6057edc8afd4205

WEB

https://git.kernel.org/stable/c/aefaccd19379d6c4620269a162bfb88ff687f289

WEB

https://git.kernel.org/stable/c/bd024e36f68174b1793906c39ca16cee0c9295c2

WEB

https://git.kernel.org/stable/c/cb2fab10fc5e7a3aa1bb0a68a3abdcf3e37852af

WEB

https://git.kernel.org/stable/c/cbda1b16687580d5beee38273f6241ae3725960c

WEB

https://git.kernel.org/stable/c/f39027cbada43b33566c312e6be3db654ca3ad17

ADVISORY

https://www.cve.org/CVERecord?id=CVE-2022-48754

CVSS Analysis

CVSS v3.1

8.4

Exploitability

Attack Vector

LocalAV:L

Attack Complexity

LowAC:L

Privileges Required

NonePR:N

User Interaction

NoneUI:N

Scope

UnchangedS:U

Impact

Confidentiality

HighC:H

Integrity

HighI:H

Availability

HighA:H

8.4/CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Ecosystems

Timeline

PublishedJun 20, 2024

ModifiedMay 4, 2025

CVE-2022-48754 | Mondoo Vulnerability Intelligence