Description

In the Linux kernel, the following vulnerability has been resolved: net: dsa: Avoid cross-chip syncing of VLAN filtering Changes to VLAN filtering are not applicable to cross-chip notifications. On a system like this: .-----. .-----. .-----. | sw1 +---+ sw2 +---+ sw3 | '-1-2-' '-1-2-' '-1-2-' Before this change, upon sw1p1 leaving a bridge, a call to dsa_port_vlan_filtering would also be made to sw2p1 and sw3p1. In this scenario: .---------. .-----. .-----. | sw1 +---+ sw2 +---+ sw3 | '-1-2-3-4-' '-1-2-' '-1-2-' When sw1p4 would leave a bridge, dsa_port_vlan_filtering would be called for sw2 and sw3 with a non-existing port - leading to array out-of-bounds accesses and crashes on mv88e6xxx.

INFO

Published Date :

2025-02-26T01:55:59.615Z

Last Modified :

2025-05-04T08:33:01.348Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2022-49234 vulnerability.

Vendors Products
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2022-49234.

URL Resource
https://git.kernel.org/stable/c/108dc8741c203e9d6ce4e973367f1bac20c7192b cve-icon cve-icon
https://git.kernel.org/stable/c/e1f2a4dd8d433eec393d09273a78a3d3551339cf cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2025022623-CVE-2022-49234-b4b1@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2022-49234 cve-icon
https://www.cve.org/CVERecord?id=CVE-2022-49234 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact