Resource management error in Linux kernel net dsa driver

Published: 2024-07-17 | Updated: 2025-05-13

Risk	Low
Patch available	YES
Number of vulnerabilities	1
CVE-ID	CVE-2022-48815
CWE-ID	CWE-399
Exploitation vector	Local
Public exploit	N/A
Vulnerable software	Linux kernel Operating systems & Components / Operating system
Vendor	Linux Foundation

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Resource management error

EUVDB-ID: #VU94471

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48815

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the bcm_sf2_mdio_register() function in drivers/net/dsa/bcm_sf2.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Linux kernel: 5.10 - 5.17 rc12

CPE2.3

External links

https://git.kernel.org/stable/c/2770b795294ed312375c11ef1d0b810499c66b83
https://git.kernel.org/stable/c/caabb5f64f5c32fceed93356bb688ef1ec6c5783
https://git.kernel.org/stable/c/08e1a3554e99a1a5bd2835907381e2383ee85cae
https://git.kernel.org/stable/c/08f1a20822349004bb9cc1b153ecb516e9f2889d
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.101
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.24
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16.10
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.