CVE-2022-48813: 
Linux Kernel vulnerability analysis and mitigation

CVE-2022-48813 affects the Linux kernel's felix driver in the DSA (Distributed Switch Architecture) subsystem. The vulnerability was discovered in the handling of MDIO bus allocation and deallocation. The issue stems from a potential panic condition when mdiobusfree() is called from devmmdiobus_free() during device driver release operations (Kernel Git).

The vulnerability occurs in the Felix VSC9959 switch driver when the DSA master is on a bus that calls ->remove from ->shutdown (like dpaa2-eth on the fsl-mc bus). Due to a device link between the switch and the DSA master, devicelinksunbind_consumers() will unbind the felix switch driver on shutdown. The issue arises because the driver uses devres for MDIO bus allocation but not for registration, leading to a potential panic when freeing a still-registered bus (Kernel Git).

When triggered, this vulnerability can cause a kernel panic during system shutdown or driver unbinding operations, potentially leading to system instability or denial of service conditions (NVD).

The fix involves replacing devmmdiobusalloc_size() with the non-devres variant and adding manual free operations where necessary. This ensures proper cleanup of MDIO bus resources during driver unbinding. The solution requires either using devres for both MDIO bus allocation and registration or not using devres at all (Kernel Git).