CVE-2022-49061
Description
In the Linux kernel, the following vulnerability has been resolved: net: ethernet: stmmac: fix altr_tse_pcs function when using a fixed-link When using a fixed-link, the altr_tse_pcs driver crashes due to null-pointer dereference as no phy_device is provided to tse_pcs_fix_mac_speed function. Fix this by adding a check for phy_dev before calling the tse_pcs_fix_mac_speed() function. Also clean up the tse_pcs_fix_mac_speed function a bit. There is no need to check for splitter_base and sgmii_adapter_base because the driver will fail if these 2 variables are not derived from the device tree.
Predictions
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| sles | affected | | |
| debian | bookworm | fixed | 5.17.6-1 |
| debian | bullseye | fixed | 5.10.113-1 |
| debian | forky | fixed | 5.17.6-1 |
| debian | sid | fixed | 5.17.6-1 |
| debian | trixie | fixed | 5.17.6-1 |
References
💬 Discuss CVE-2022-49061 on VIR Community →
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.