CVE-2022-49582

Summary

In the Linux kernel, the following vulnerability has been resolved:

net: dsa: fix NULL pointer dereference in dsa_port_reset_vlan_filtering

The "ds" iterator variable used in dsa_port_reset_vlan_filtering() -> dsa_switch_for_each_port() overwrites the "dp" received as argument, which is later used to call dsa_port_vlan_filtering() proper.

As a result, switches which do enter that code path (the ones with vlan_filtering_is_global=true) will dereference an invalid dp in dsa_port_reset_vlan_filtering() after leaving a VLAN-aware bridge.

Use a dedicated "other_dp" iterator variable to avoid this from happening.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxd0004a020bb50263de0e3e775c7b7c7a003e0e0c < 3240e12fe203a3a79b9814e83327106b770ed7b0affected
LinuxLinuxd0004a020bb50263de0e3e775c7b7c7a003e0e0c < 1699b4d502eda3c7ea4070debad3ee570b5091b1affected
LinuxLinux5.16affected
LinuxLinux0 < 5.16unaffected
LinuxLinux5.18.15 <= 5.18.*unaffected
LinuxLinux5.19 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References