Bug 2320700 (CVE-2022-48961) - CVE-2022-48961 kernel: net: mdio: fix unbalanced fwnode reference count in mdio_device_release()
Summary: CVE-2022-48961 kernel: net: mdio: fix unbalanced fwnode reference count in md...
Keywords:
Status: NEW
Alias: CVE-2022-48961
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2024-10-21 21:03 UTC by OSIDB Bzimport
Modified: 2024-10-22 08:51 UTC (History)
4 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)

Description OSIDB Bzimport 2024-10-21 21:03:40 UTC 
In the Linux kernel, the following vulnerability has been resolved:

net: mdio: fix unbalanced fwnode reference count in mdio_device_release()

There is warning report about of_node refcount leak
while probing mdio device:

OF: ERROR: memory leak, expected refcount 1 instead of 2,
of_node_get()/of_node_put() unbalanced - destroy cset entry:
attach overlay node /spi/soc@0/mdio@710700c0/ethernet@4

In of_mdiobus_register_device(), we increase fwnode refcount
by fwnode_handle_get() before associating the of_node with
mdio device, but it has never been decreased in normal path.
Since that, in mdio_device_release(), it needs to call
fwnode_handle_put() in addition instead of calling kfree()
directly.

After above, just calling mdio_device_free() in the error handle
path of of_mdiobus_register_device() is enough to keep the
refcount balanced.
Comment 1 Avinash Hanwate 2024-10-22 07:36:37 UTC 
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2024102143-CVE-2022-48961-d44b@gregkh/T
Note You need to log in before you can comment on or make changes to this bug.