CVE-2022-48808

In the Linux kernel, the following vulnerability has been resolved:

net: dsa: fix panic when DSA master device unbinds on shutdown

Rafael reports that on a system with LX2160A and Marvell DSA switches,
if a reboot occurs while the DSA master (dpaa2-eth) is up, the following
panic can be seen:

systemd-shutdown[1]: Rebooting.
Unable to handle kernel paging request at virtual address 00a0000800000041
[00a0000800000041] address between user and kernel address ranges
Internal error: Oops: 96000004 [#1] PREEMPT SMP
CPU: 6 PID: 1 Comm: systemd-shutdow Not tainted 5.16.5-00042-g8f5585009b24 #32
pc : dsa_slave_netdevice_event+0x130/0x3e4
lr : raw_notifier_call_chain+0x50/0x6c
Call trace:
 dsa_slave_netdevice_event+0x130/0x3e4
 raw_notifier_call_chain+0x50/0x6c
 call_netdevice_notifiers_info+0x54/0xa0
 __dev_close_many+0x50/0x130
 dev_close_many+0x84/0x120
 unregister_netdevice_many+0x130/0x710
 unregister_netdevice_queue+0x8c/0xd0
 unregister_netdev+0x20/0x30
 dpaa2_eth_remove+0x68/0x190
 fsl_mc_driver_remove+0x20/0x5c
 __device_release_driver+0x21c/0x220
 device_release_driver_internal+0xac/0xb0
 device_links_unbind_consumers+0xd4/0x100
 __device_release_driver+0x94/0x220
 device_release_driver+0x28/0x40
 bus_remove_device+0x118/0x124
 device_del+0x174/0x420
 fsl_mc_device_remove+0x24/0x40
 __fsl_mc_device_remove+0xc/0x20
 device_for_each_child+0x58/0xa0
 dprc_remove+0x90/0xb0
 fsl_mc_driver_remove+0x20/0x5c
 __device_release_driver+0x21c/0x220
 device_release_driver+0x28/0x40
 bus_remove_device+0x118/0x124
 device_del+0x174/0x420
 fsl_mc_bus_remove+0x80/0x100
 fsl_mc_bus_shutdown+0xc/0x1c
 platform_shutdown+0x20/0x30
 device_shutdown+0x154/0x330
 __do_sys_reboot+0x1cc/0x250
 __arm64_sys_reboot+0x20/0x30
 invoke_syscall.constprop.0+0x4c/0xe0
 do_el0_svc+0x4c/0x150
 el0_svc+0x24/0xb0
 el0t_64_sync_handler+0xa8/0xb0
 el0t_64_sync+0x178/0x17c

It can be seen from the stack trace that the problem is that the
deregistration of the master causes a dev_close(), which gets notified
as NETDEV_GOING_DOWN to dsa_slave_netdevice_event().
But dsa_switch_shutdown() has already run, and this has unregistered the
DSA slave interfaces, and yet, the NETDEV_GOING_DOWN handler attempts to
call dev_close_many() on those slave interfaces, leading to the problem.

The previous attempt to avoid the NETDEV_GOING_DOWN on the master after
dsa_switch_shutdown() was called seems improper. Unregistering the slave
interfaces is unnecessary and unhelpful. Instead, after the slaves have
stopped being uppers of the DSA master, we can now reset to NULL the
master->dsa_ptr pointer, which will make DSA start ignoring all future
notifier events on the master.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
LinuxCNA
---
---
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 6%
VendorProductVersion
linuxlinux_kernel
5.15 ≤
𝑥
< 5.15.155
linuxlinux_kernel
5.16 ≤
𝑥
< 5.16.10
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
linux
bullseye
5.10.223-1
not-affected
bullseye (security)
5.10.226-1
fixed
bookworm
6.1.106-3
fixed
bookworm (security)
6.1.112-1
fixed
trixie
6.11.5-1
fixed
sid
6.11.6-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
linux
noble
not-affected
jammy
Fixed 5.15.0-116.126
released
focal
not-affected
bionic
not-affected
xenial
not-affected
trusty
not-affected
linux-allwinner-5.19
noble
dne
jammy
ignored
focal
dne
linux-aws
noble
not-affected
jammy
Fixed 5.15.0-1065.71
released
focal
not-affected
bionic
not-affected
xenial
not-affected
trusty
not-affected
linux-aws-5.0
noble
dne
jammy
dne
focal
dne
bionic
ignored
linux-aws-5.11
noble
dne
jammy
dne
focal
ignored
linux-aws-5.13
noble
dne
jammy
dne
focal
ignored
linux-aws-5.15
noble
dne
jammy
dne
focal
Fixed 5.15.0-1065.71~20.04.1
released
linux-aws-5.19
noble
dne
jammy
ignored
focal
dne
linux-aws-5.3
noble
dne
jammy
dne
focal
dne
bionic
ignored
linux-aws-5.4
noble
dne
jammy
dne
focal
dne
bionic
not-affected
linux-aws-5.8
noble
dne
jammy
dne
focal
ignored
linux-aws-6.2
noble
dne
jammy
ignored
focal
dne
linux-aws-6.5
noble
dne
jammy
not-affected
focal
dne
linux-aws-fips
noble
dne
jammy
dne
focal
dne
linux-aws-hwe
noble
dne
jammy
dne
focal
dne
xenial
not-affected
linux-azure
noble
not-affected
jammy
Fixed 5.15.0-1068.77
released
focal
not-affected
bionic
ignored
xenial
not-affected
trusty
not-affected
linux-azure-4.15
noble
dne
jammy
dne
focal
dne
bionic
not-affected
linux-azure-5.11
noble
dne
jammy
dne
focal
ignored
linux-azure-5.13
noble
dne
jammy
dne
focal
ignored
linux-azure-5.15
noble
dne
jammy
dne
focal
Fixed 5.15.0-1068.77~20.04.1
released
linux-azure-5.19
noble
dne
jammy
ignored
focal
dne
linux-azure-5.3
noble
dne
jammy
dne
focal
dne
bionic
ignored
linux-azure-5.4
noble
dne
jammy
dne
focal
dne
bionic
not-affected
linux-azure-5.8
noble
dne
jammy
dne
focal
ignored
linux-azure-6.2
noble
dne
jammy
ignored
focal
dne
linux-azure-6.5
noble
dne
jammy
not-affected
focal
dne
linux-azure-edge
noble
dne
jammy
dne
focal
dne
bionic
ignored
linux-azure-fde
noble
dne
jammy
Fixed 5.15.0-1068.77.1
released
focal
ignored
linux-azure-fde-5.15
noble
dne
jammy
dne
focal
Fixed 5.15.0-1068.77~20.04.1.1
released
linux-azure-fde-5.19
noble
dne
jammy
ignored
focal
dne
linux-azure-fde-6.2
noble
dne
jammy
ignored
focal
dne
linux-azure-fips
noble
dne
jammy
dne
focal
dne
linux-bluefield
noble
dne
jammy
dne
focal
not-affected
linux-fips
noble
dne
jammy
dne
focal
dne
linux-gcp
noble
not-affected
jammy
Fixed 5.15.0-1064.72
released
focal
not-affected
bionic
ignored
xenial
not-affected
linux-gcp-4.15
noble
dne
jammy
dne
focal
dne
bionic
not-affected
linux-gcp-5.11
noble
dne
jammy
dne
focal
ignored
linux-gcp-5.13
noble
dne
jammy
dne
focal
ignored
linux-gcp-5.15
noble
dne
jammy
dne
focal
Fixed 5.15.0-1065.73~20.04.1
released
linux-gcp-5.19
noble
dne
jammy
ignored
focal
dne
linux-gcp-5.3
noble
dne
jammy
dne
focal
dne
bionic
ignored
linux-gcp-5.4
noble
dne
jammy
dne
focal
dne
bionic
not-affected
linux-gcp-5.8
noble
dne
jammy
dne
focal
ignored
linux-gcp-6.2
noble
dne
jammy
ignored
focal
dne
linux-gcp-6.5
noble
dne
jammy
not-affected
focal
dne
linux-gcp-fips
noble
dne
jammy
dne
focal
dne
linux-gke
noble
not-affected
jammy
Fixed 5.15.0-1062.68
released
focal
ignored
linux-gke-4.15
noble
dne
jammy
dne
focal
dne
bionic
ignored
linux-gke-5.15
noble
dne
jammy
dne
focal
ignored
linux-gke-5.4
noble
dne
jammy
dne
focal
dne
bionic
ignored
linux-gkeop
noble
dne
jammy
Fixed 5.15.0-1048.55
released
focal
not-affected
linux-gkeop-5.15
noble
dne
jammy
dne
focal
Fixed 5.15.0-1048.55~20.04.1
released
linux-gkeop-5.4
noble
dne
jammy
dne
focal
dne
bionic
ignored
linux-hwe
noble
dne
jammy
dne
focal
dne
bionic
ignored
xenial
not-affected
linux-hwe-5.11
noble
dne
jammy
dne
focal
ignored
linux-hwe-5.13
noble
dne
jammy
dne
focal
ignored
linux-hwe-5.15
noble
dne
jammy
dne
focal
Fixed 5.15.0-116.126~20.04.1
released
linux-hwe-5.19
noble
dne
jammy
ignored
focal
dne
linux-hwe-5.4
noble
dne
jammy
dne
focal
dne
bionic
not-affected
linux-hwe-5.8
noble
dne
jammy
dne
focal
ignored
linux-hwe-6.2
noble
dne
jammy
ignored
focal
dne
linux-hwe-6.5
noble
dne
jammy
ignored
focal
dne
linux-hwe-6.8
noble
dne
jammy
not-affected
focal
dne
bionic
dne
xenial
dne
trusty
dne
linux-hwe-edge
noble
dne
jammy
dne
focal
dne
bionic
ignored
xenial
ignored
linux-ibm
noble
not-affected
jammy
Fixed 5.15.0-1058.61
released
focal
not-affected
linux-ibm-5.15
noble
dne
jammy
dne
focal
Fixed 5.15.0-1058.61~20.04.1
released
linux-ibm-5.4
noble
dne
jammy
dne
focal
dne
bionic
not-affected
linux-intel
noble
not-affected
jammy
dne
focal
dne
linux-intel-5.13
noble
dne
jammy
dne
focal
ignored
linux-intel-iot-realtime
noble
dne
jammy
dne
focal
dne
bionic
dne
xenial
dne
trusty
dne
linux-intel-iotg
noble
dne
jammy
Fixed 5.15.0-1060.66
released
focal
dne
linux-intel-iotg-5.15
noble
dne
jammy
dne
focal
Fixed 5.15.0-1060.66~20.04.1
released
linux-iot
noble
dne
jammy
dne
focal
not-affected
linux-kvm
noble
dne
jammy
Fixed 5.15.0-1062.67
released
focal
not-affected
bionic
not-affected
xenial
not-affected
linux-lowlatency
noble
not-affected
jammy
Fixed 5.15.0-116.126
released
focal
dne
linux-lowlatency-hwe-5.15
noble
dne
jammy
dne
focal
Fixed 5.15.0-116.126~20.04.1
released
linux-lowlatency-hwe-5.19
noble
dne
jammy
ignored
focal
dne
linux-lowlatency-hwe-6.2
noble
dne
jammy
ignored
focal
dne
linux-lowlatency-hwe-6.5
noble
dne
jammy
ignored
focal
dne
linux-lowlatency-hwe-6.8
noble
dne
jammy
not-affected
focal
dne
bionic
dne
xenial
dne
trusty
dne
linux-lts-xenial
noble
dne
jammy
dne
focal
dne
trusty
not-affected
linux-nvidia
noble
not-affected
jammy
Fixed 5.15.0-1060.61
released
focal
dne
linux-nvidia-6.2
noble
dne
jammy
ignored
focal
dne
linux-nvidia-6.5
noble
dne
jammy
not-affected
focal
dne
linux-nvidia-6.8
noble
dne
jammy
not-affected
focal
dne
bionic
dne
xenial
dne
trusty
dne
linux-nvidia-lowlatency
noble
not-affected
jammy
dne
focal
dne
bionic
dne
xenial
dne
trusty
dne
linux-oem
noble
dne
jammy
dne
focal
dne
bionic
ignored
linux-oem-5.10
noble
dne
jammy
dne
focal
ignored
linux-oem-5.13
noble
dne
jammy
dne
focal
ignored
linux-oem-5.14
noble
dne
jammy
dne
focal
ignored
linux-oem-5.17
noble
dne
jammy
ignored
focal
dne
linux-oem-5.6
noble
dne
jammy
dne
focal
ignored
linux-oem-6.0
noble
dne
jammy
ignored
focal
dne
linux-oem-6.1
noble
dne
jammy
ignored
focal
dne
linux-oem-6.5
noble
dne
jammy
not-affected
focal
dne
linux-oem-6.8
noble
not-affected
jammy
dne
focal
dne
linux-oracle
noble
not-affected
jammy
Fixed 5.15.0-1063.69
released
focal
not-affected
bionic
not-affected
xenial
not-affected
linux-oracle-5.0
noble
dne
jammy
dne
focal
dne
bionic
ignored
linux-oracle-5.11
noble
dne
jammy
dne
focal
ignored
linux-oracle-5.13
noble
dne
jammy
dne
focal
ignored
linux-oracle-5.15
noble
dne
jammy
dne
focal
Fixed 5.15.0-1063.69~20.04.1
released
linux-oracle-5.3
noble
dne
jammy
dne
focal
dne
bionic
ignored
linux-oracle-5.4
noble
dne
jammy
dne
focal
dne
bionic
not-affected
linux-oracle-5.8
noble
dne
jammy
dne
focal
ignored
linux-oracle-6.5
noble
dne
jammy
not-affected
focal
dne
linux-raspi
noble
not-affected
jammy
Fixed 5.15.0-1058.61
released
focal
not-affected
linux-raspi-5.4
noble
dne
jammy
dne
focal
dne
bionic
not-affected
linux-raspi-realtime
noble
dne
jammy
dne
focal
dne
bionic
dne
xenial
dne
trusty
dne
linux-raspi2
noble
dne
jammy
dne
focal
ignored
linux-realtime
noble
dne
jammy
ignored
focal
dne
bionic
dne
xenial
dne
trusty
dne
linux-riscv
noble
not-affected
jammy
ignored
focal
ignored
linux-riscv-5.11
noble
dne
jammy
dne
focal
ignored
linux-riscv-5.15
noble
dne
jammy
dne
focal
Fixed 5.15.0-1061.65~20.04.1
released
linux-riscv-5.19
noble
dne
jammy
ignored
focal
dne
linux-riscv-5.8
noble
dne
jammy
dne
focal
ignored
linux-riscv-6.5
noble
dne
jammy
ignored
focal
dne
linux-riscv-6.8
noble
dne
jammy
not-affected
focal
dne
bionic
dne
xenial
dne
trusty
dne
linux-starfive-5.19
noble
dne
jammy
ignored
focal
dne
linux-starfive-6.2
noble
dne
jammy
ignored
focal
dne
linux-starfive-6.5
noble
dne
jammy
not-affected
focal
dne
linux-xilinx-zynqmp
noble
dne
jammy
Fixed 5.15.0-1035.39
released
focal
not-affected