CVE-2022-48856: gianfar: ethtool: Fix refcount leak in gfar_get_ts_info
In the Linux kernel, the following vulnerability has been resolved:
gianfar: ethtool: Fix refcount leak in gfar_get_ts_info
The of_find_compatible_node() function returns a node pointer with
refcount incremented, We should use of_node_put() on it when done
Add the missing of_node_put() to release the refcount.
Security readout for executives and security teams
Plain-English summary
CVE-2022-48856 is a Linux kernel bug in the gianfar Ethernet driver. A missing reference release can leak a device-tree node reference when timestamp information is requested through ethtool. The source bundle does not show active exploitation, CVSS scoring, or business-impact evidence.
Executive priority
Treat this as routine kernel maintenance unless your environment depends on affected gianfar networking. There is no sourced evidence of exploitation or severe impact, but kernel fixes should be absorbed through normal patch cycles.
Technical view
The issue is in gfar_get_ts_info. of_find_compatible_node() returns a node with an incremented reference count, but the old code did not call of_node_put() when finished. Upstream stable commits add the missing release across affected kernel branches.
Likely exposure
Exposure appears limited to Linux systems running affected kernel versions where the gianfar driver is present and relevant. The bundle lists affected Linux kernel branches including 4.18, 4.19.235, 5.4.185, 5.10.106, 5.15.29, 5.16.15, and 5.17.
Exploitation context
No provided source states active exploitation, and KEV is false. The bundle describes a refcount leak, not a complete attack chain. Practical exploitability, required privileges, and impact are not established by the provided evidence.
Researcher notes
The key evidence is the upstream fix rationale: of_find_compatible_node() increments the node refcount, requiring of_node_put() after use. The bundle lacks CVSS, CWE, exploitability notes, and operational impact details, so conclusions should stay conservative.
Mitigation direction
Upgrade to a kernel containing the referenced upstream stable fix.
Use distribution kernel updates rather than hand-applying patches where possible.
Check vendor guidance if no patched package is available.
Prioritize systems where the gianfar driver is enabled or in use.
Validation and detection
Inventory kernels against the affected versions listed in the CVE bundle.
Confirm whether the gianfar driver is built, loaded, or required.
Verify the running kernel includes one of the referenced stable commits.
Track vendor advisories for package-level remediation status.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cve · low confidence lookup
CVE-2022-48856 mapping review
Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.