CVE-2022-48754

Source
https://cve.org/CVERecord?id=CVE-2022-48754
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-48754.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-48754
Published
2024-06-20T11:13:34.561Z
Modified
2026-03-14T11:56:18.952433Z
Severity
  • 8.4 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
phylib: fix potential use-after-free
Details

In the Linux kernel, the following vulnerability has been resolved:

phylib: fix potential use-after-free

Commit bafbdd527d56 ("phylib: Add device reset GPIO support") added call to phy_device_reset(phydev) after the put_device() call in phy_detach().

The comment before the put_device() call says that the phydev might go away with put_device().

Fix potential use-after-free by calling phydevicereset() before put_device().

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/48xxx/CVE-2022-48754.json",
    "cna_assigner": "Linux"
}
Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
bafbdd527d569c8200521f2f7579f65a044271be
Fixed
67d271760b037ce0806d687ee6057edc8afd4205
Fixed
f39027cbada43b33566c312e6be3db654ca3ad17
Fixed
bd024e36f68174b1793906c39ca16cee0c9295c2
Fixed
aefaccd19379d6c4620269a162bfb88ff687f289
Fixed
cb2fab10fc5e7a3aa1bb0a68a3abdcf3e37852af
Fixed
cbda1b16687580d5beee38273f6241ae3725960c

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-48754.json"