CVE-2022-48818: 
Linux Kernel vulnerability analysis and mitigation

In the Linux kernel, a vulnerability was discovered in the mv88e6xxx DSA (Distributed Switch Architecture) driver's MDIO bus handling. The issue was disclosed on July 16, 2024, and affects the Linux kernel's networking subsystem, specifically the Marvell mv88e6xxx switch driver (NVD).

The vulnerability occurs when mdiobusfree() is called from devmmdiobusfree() through the call chain devresreleaseall() -> _devicereleasedriver(), while the mdiobus was not previously unregistered. This issue specifically manifests when the DSA master device is on a bus that calls ->remove from ->shutdown (like dpaa2-eth on the fsl-mc bus). In such cases, there is a device link between the switch and the DSA master, causing devicelinksunbind_consumers() to unbind the Marvell switch driver during shutdown (Kernel Commit).

When triggered, this vulnerability causes a kernel panic during system shutdown, potentially leading to system instability and unexpected behavior. The issue specifically affects systems using the Marvell mv88e6xxx switch driver in conjunction with certain bus configurations (NVD).

The issue has been fixed by modifying the driver to either use devres for both mdiobus allocation and registration or not use devres at all. The fix implements the latter approach, removing devres usage and properly handling mdiobus allocation and cleanup (Kernel Commit).