CVE-2022-49134
EUVD-2022-5508926.02.2025, 07:00
In the Linux kernel, the following vulnerability has been resolved:
mlxsw: spectrum: Guard against invalid local ports
When processing events generated by the device's firmware, the driver
protects itself from events reported for non-existent local ports, but
not for the CPU port (local port 0), which exists, but does not have all
the fields as any local port.
This can result in a NULL pointer dereference when trying access
'struct mlxsw_sp_port' fields which are not initialized for CPU port.
Commit 63b08b1f6834 ("mlxsw: spectrum: Protect driver from buggy firmware")
already handled such issue by bailing early when processing a PUDE event
reported for the CPU port.
Generalize the approach by moving the check to a common function and
making use of it in all relevant places.EnginsightAffected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| linux | linux_kernel | 𝑥 < 5.17.3 |
𝑥
= Vulnerable software versions
Debian Releases
openSUSE / SLES Releases
openSUSE Product | |||||
|---|---|---|---|---|---|
| cluster-md-kmp-default |
| ||||
| dlm-kmp-default |
| ||||
| gfs2-kmp-default |
| ||||
| kernel-64kb |
| ||||
| kernel-default |
| ||||
| kernel-default-base |
| ||||
| kernel-default-man |
| ||||
| kernel-docs |
| ||||
| kernel-macros |
| ||||
| kernel-obs-build |
| ||||
| kernel-source |
| ||||
| kernel-syms |
| ||||
| kernel-zfcpdump |
| ||||
| ocfs2-kmp-default |
| ||||
| reiserfs-kmp-default |
|
Common Weakness Enumeration