CVE-2022-48859 in Linux

Summary

by MITRE • 07/16/2024

In the Linux kernel, the following vulnerability has been resolved:

net: marvell: prestera: Add missing of_node_put() in prestera_switch_set_base_mac_addr

This node pointer is returned by of_find_compatible_node() with refcount incremented. Calling of_node_put() to avoid the refcount leak.


Analysis

by VulDB Data Team • 07/23/2024

The vulnerability identified as CVE-2022-48859 represents a memory management issue within the Linux kernel's Marvell Prestera network switch driver. This flaw specifically affects the prestera_switch_set_base_mac_addr function, where proper reference counting operations are not being performed on device tree node pointers. The issue stems from the driver's failure to call of_node_put() on a node pointer that was obtained through of_find_compatible_node(), which increments the reference count of the device tree node. This oversight creates a resource leak scenario where the kernel's device tree node reference counter is not properly decremented, leading to potential memory exhaustion over time. The vulnerability impacts systems utilizing Marvell Prestera network switch hardware and is particularly concerning in embedded environments or systems with limited memory resources, where such leaks can accumulate and degrade system performance.

The technical implementation flaw manifests in the device tree node handling within the network switch driver code where the of_find_compatible_node() function returns a pointer to a device tree node with an incremented reference count. When this node pointer is subsequently used in the prestera_switch_set_base_mac_addr function, the code fails to invoke of_node_put() to properly decrement the reference count. This pattern constitutes a classic resource leak vulnerability where kernel memory management operations are not properly balanced. The CWE-404 weakness classification applies here as this represents an improper resource management issue where a resource acquired through a kernel API call is not properly released. The vulnerability is categorized as a memory leak rather than a more severe privilege escalation or denial of service vector, though it can contribute to system instability through resource exhaustion.

From an operational perspective, this vulnerability poses a moderate risk to systems running affected Linux kernel versions with Marvell Prestera network switch hardware. The impact primarily manifests as gradual memory consumption over time, potentially leading to system performance degradation or memory allocation failures in resource-constrained environments. Attackers could theoretically exploit this vulnerability by repeatedly triggering the affected code path to accelerate memory consumption, though the direct security implications are limited compared to more severe kernel vulnerabilities. The vulnerability affects systems where the Marvell Prestera driver is actively loaded and used, typically enterprise networking equipment, network infrastructure devices, and embedded systems utilizing Marvell switch chips. The operational impact is more about system reliability and resource management than immediate security compromise.

Mitigation strategies for CVE-2022-48859 focus on applying the kernel patch that properly implements the of_node_put() call in the prestera_switch_set_base_mac_addr function. System administrators should prioritize updating to kernel versions that include the fix, typically kernel 5.19 or later where this vulnerability has been resolved. The patch implementation involves adding the missing of_node_put() call after the device tree node pointer is no longer needed, ensuring proper reference counting and preventing the memory leak. Organizations should conduct thorough testing of kernel updates in their environments to ensure compatibility with existing network switch configurations. Additionally, monitoring systems for unusual memory consumption patterns can help detect potential exploitation of this vulnerability. The fix aligns with the ATT&CK framework's defensive techniques related to kernel hardening and resource management, where proper reference counting and memory management are fundamental security practices that prevent resource exhaustion attacks. Regular kernel maintenance and patch management programs should include verification of device driver patches to ensure complete protection against such memory management vulnerabilities.
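The get/put imbalance described in the analysis and the shape of the fix, as an added example that is not the driver's or the kernel's code: a userspace C model in which `model_find_compatible()` and `model_node_put()` are hypothetical stand-ins for `of_find_compatible_node()` and `of_node_put()`. The node name and the MAC-read step are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Userspace model, not kernel code; the sample node below is constructed. */
struct model_node { const char *compatible; int refcount; };
static struct model_node sw_node = { "vendor,example-switch", 1 }; /* tree's ref */

/* Models of_find_compatible_node(): a hit returns the node with refcount + 1. */
static struct model_node *model_find_compatible(const char *compat)
{
    if (strcmp(sw_node.compatible, compat) != 0)
        return NULL;
    sw_node.refcount++;
    return &sw_node;
}

/* Models of_node_put(): drops one reference; NULL is a no-op. */
static void model_node_put(struct model_node *np)
{
    if (np) np->refcount--;
}

/* Leaky shape: the reference taken by the lookup is never dropped. */
static int set_base_mac_leaky(const char *compat)
{
    return model_find_compatible(compat) ? 0 : -1;
}

/* Balanced shape: drop the reference once the node is no longer needed. */
static int set_base_mac_fixed(const char *compat)
{
    struct model_node *np = model_find_compatible(compat);
    int ret = np ? 0 : -1; /* stand-in for reading the MAC from the node */
    model_node_put(np);
    return ret;
}

/* Resets the node, calls fn `calls` times, returns the resulting refcount. */
static int refcount_after(int (*fn)(const char *), int calls)
{
    for (sw_node.refcount = 1; calls > 0; calls--)
        fn(sw_node.compatible);
    return sw_node.refcount;
}

int main(void)
{
    printf("leaky: %d\n", refcount_after(set_base_mac_leaky, 1000));
    printf("fixed: %d\n", refcount_after(set_base_mac_fixed, 1000));
}
```

In the model, the leaky variant's count grows by one per call and never returns to the baseline, while the balanced variant ends every call where it started, including on the lookup-miss path.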

Responsible: Linux

Reservation: 07/16/2024

Disclosure: 07/16/2024

Moderation: accepted

CPE: ready

EPSS: 0.00210

KEV: no

Activities: very low
