High severity7.8NVD Advisory· Published Jul 16, 2024· Updated Jun 17, 2026
CVE-2022-48854
CVE-2022-48854
Description
In the Linux kernel, the following vulnerability has been resolved:
net: arc_emac: Fix use after free in arc_mdio_probe()
If bus->state is equal to MDIOBUS_ALLOCATED, mdiobus_free(bus) will free the "bus". But bus->name is still used in the next line, which will lead to a use after free.
We can fix it by putting the name in a local variable and make the bus->name point to the rodata section "name",then use the name in the error message without referring to bus to avoid the uaf.
Affected products
2Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.