CVE-2022-49061

net: ethernet: stmmac: fix altr_tse_pcs function when using a fixed-link

Description

In the Linux kernel, the following vulnerability has been resolved: net: ethernet: stmmac: fix altr_tse_pcs function when using a fixed-link When using a fixed-link, the altr_tse_pcs driver crashes due to null-pointer dereference as no phy_device is provided to tse_pcs_fix_mac_speed function. Fix this by adding a check for phy_dev before calling the tse_pcs_fix_mac_speed() function. Also clean up the tse_pcs_fix_mac_speed function a bit. There is no need to check for splitter_base and sgmii_adapter_base because the driver will fail if these 2 variables are not derived from the device tree.

Category

5.5
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.02%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/7e59fdf9547c4f948d1d917ec7ffa5fb5ac53bdb patch
https://git.kernel.org/stable/c/08d5e3e954537931c8da7428034808d202e98299 patch
https://git.kernel.org/stable/c/62a48383ebe2e159fd68425dd3e16d4c6bd6599a patch
https://git.kernel.org/stable/c/6c020f05253df04c3480b586fe188a3582740049 patch
https://git.kernel.org/stable/c/a6aaa00324240967272b451bfa772547bd576ee6 patch

Frequently Asked Questions

What is the severity of CVE-2022-49061?
CVE-2022-49061 has been scored as a medium severity vulnerability.
How to fix CVE-2022-49061?
To fix CVE-2022-49061, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2022-49061 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2022-49061 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2022-49061?
CVE-2022-49061 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.