CVE-2022-48856: 
Linux Kernel vulnerability analysis and mitigation

CVE-2022-48856 is a vulnerability in the Linux kernel's gianfar ethernet driver, specifically in the gfargetts_info function. The vulnerability was discovered and disclosed in July 2024, affecting Linux kernel versions from 4.18 up to versions before 4.19.235, 5.4.185, 5.10.106, 5.15.29, and 5.16.15. The issue involves a reference count leak in the ethtool functionality of the gianfar driver (Kernel Git).

The vulnerability stems from a missing reference count release in the gfargettsinfo function. The offindcompatiblenode() function returns a node pointer with an incremented reference count, but the code failed to call ofnodeput() to release this reference when done. This oversight was introduced in commit 7349a74ea75c ("net: ethernet: gianfar_ethtool: get phc index through drvdata"). The vulnerability has been assigned a CVSS v3.1 score of 5.5 (Medium), with vector AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

The reference count leak could potentially lead to resource exhaustion in the Linux kernel over time, as memory references are not properly released. This primarily affects system stability and availability, rather than confidentiality or integrity of the system (Debian Security).

The vulnerability has been fixed by adding the missing ofnodeput() call to release the reference count. The fix has been backported to multiple stable kernel versions. Various Linux distributions have released patched versions, including Ubuntu 20.04 LTS (5.4.0-117.132), Debian Bullseye (5.10.226-1), and Bookworm (6.1.128-1) (Debian Security).