CVE-2022-48754 in Linux
Summary
by MITRE • 06/20/2024
In the Linux kernel, the following vulnerability has been resolved:
phylib: fix potential use-after-free
Commit bafbdd527d56 ("phylib: Add device reset GPIO support") added call to phy_device_reset(phydev) after the put_device() call in phy_detach().
The comment before the put_device() call says that the phydev might go away with put_device().
Fix potential use-after-free by calling phy_device_reset() before put_device().
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
Analysis
by VulDB Data Team • 03/24/2025
The vulnerability identified as CVE-2022-48754 represents a critical use-after-free condition within the Linux kernel's phylib subsystem, specifically affecting the phy_detach() function. This flaw occurs in the context of physical layer (PHY) device management where the kernel handles network interface hardware components. The vulnerability stems from an improper sequence of operations during the detachment process of PHY devices, creating a window where memory access occurs after the device structure has been freed, potentially leading to system instability or exploitation.
The technical flaw manifests in the phy_detach() function where the kernel attempts to reset a PHY device after calling put_device() on the same device structure. The commit bafbdd527d56 introduced device reset GPIO support functionality but inadvertently created this race condition by placing the phy_device_reset() call after put_device(). The existing code comment explicitly warns that the phydev structure might be destroyed upon put_device() execution, yet the implementation failed to respect this warning by proceeding with device reset operations on what could already be freed memory.
This particular vulnerability maps directly to CWE-416, which describes the use of freed memory condition, and aligns with ATT&CK technique T1059.008 for execution through kernel-mode rootkits. The operational impact of this flaw extends beyond simple system crashes, as it could enable privilege escalation attacks or denial of service conditions that affect network connectivity for affected systems. When exploited, this vulnerability can cause the kernel to access invalid memory locations, potentially leading to system panics, data corruption, or unauthorized access to network interfaces.
The fix implemented addresses this by reordering the operations to execute phy_device_reset() before put_device(), ensuring that device reset operations occur while the phydev structure remains valid in memory. This remediation follows established kernel development practices for managing reference counting and object lifecycle management. Organizations should prioritize applying this patch as it resolves a critical security vulnerability that could be exploited in network infrastructure devices, embedded systems, and server environments where PHY device management is actively utilized. The fix demonstrates proper kernel memory management principles and reinforces the importance of careful sequence analysis when implementing new features that interact with device reference counting mechanisms.