CVE-2022-48754

June 20, 2024, 12:43 p.m.

None
No Score

Description

In the Linux kernel, the following vulnerability has been resolved: phylib: fix potential use-after-free Commit bafbdd527d56 ("phylib: Add device reset GPIO support") added call to phy_device_reset(phydev) after the put_device() call in phy_detach(). The comment before the put_device() call says that the phydev might go away with put_device(). Fix potential use-after-free by calling phy_device_reset() before put_device().

Product(s) Impacted

Product Versions
Linux kernel
  • []

Weaknesses

Common security weaknesses mapped to this vulnerability.

References

https://git.kernel.org/stable/c/67d271760b037ce0806d687ee6057edc8afd4205
https://git.kernel.org/stable/c/aefaccd19379d6c4620269a162bfb88ff687f289
https://git.kernel.org/stable/c/bd024e36f68174b1793906c39ca16cee0c9295c2
https://git.kernel.org/stable/c/cb2fab10fc5e7a3aa1bb0a68a3abdcf3e37852af
https://git.kernel.org/stable/c/cbda1b16687580d5beee38273f6241ae3725960c
https://git.kernel.org/stable/c/f39027cbada43b33566c312e6be3db654ca3ad17

Tags

416baaa9-dc9f-4396-8d5f-8c081fb06d67
2024-06-20
CVE-2022-48754

Timeline

Published: June 20, 2024, 12:15 p.m.
Last Modified: June 20, 2024, 12:43 p.m.

Status : Awaiting Analysis

CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.

More info

Source

416baaa9-dc9f-4396-8d5f-8c081fb06d67

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.