Bug 2320664 (CVE-2022-49016) - CVE-2022-49016 kernel: net: mdiobus: fix unbalanced node reference count
Summary: CVE-2022-49016 kernel: net: mdiobus: fix unbalanced node reference count
Keywords:
Status: NEW
Alias: CVE-2022-49016
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2024-10-21 21:01 UTC by OSIDB Bzimport
Modified: 2024-12-16 14:46 UTC (History)
4 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)

Description OSIDB Bzimport 2024-10-21 21:01:26 UTC 
In the Linux kernel, the following vulnerability has been resolved:

net: mdiobus: fix unbalanced node reference count

I got the following report while doing device(mscc-miim) load test
with CONFIG_OF_UNITTEST and CONFIG_OF_DYNAMIC enabled:

  OF: ERROR: memory leak, expected refcount 1 instead of 2,
  of_node_get()/of_node_put() unbalanced - destroy cset entry:
  attach overlay node /spi/soc@0/mdio@7107009c/ethernet-phy@0

If the 'fwnode' is not an acpi node, the refcount is get in
fwnode_mdiobus_phy_device_register(), but it has never been
put when the device is freed in the normal path. So call
fwnode_handle_put() in phy_device_release() to avoid leak.

If it's an acpi node, it has never been get, but it's put
in the error path, so call fwnode_handle_get() before
phy_device_register() to keep get/put operation balanced.
Comment 1 Avinash Hanwate 2024-10-22 09:05:52 UTC 
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2024102153-CVE-2022-49016-c7bb@gregkh/T
Note You need to log in before you can comment on or make changes to this bug.