CVE-2026-22982

EUVD-2026-4281

23.01.2026, 16:15

In the Linux kernel, the following vulnerability has been resolved:

net: mscc: ocelot: Fix crash when adding interface under a lag

Commit 15faa1f67ab4 ("lan966x: Fix crash when adding interface under a lag")
fixed a similar issue in the lan966x driver caused by a NULL pointer dereference.
The ocelot_set_aggr_pgids() function in the ocelot driver has similar logic
and is susceptible to the same crash.

This issue specifically affects the ocelot_vsc7514.c frontend, which leaves
unused ports as NULL pointers. The felix_vsc9959.c frontend is unaffected as
it uses the DSA framework which registers all ports.

Fix this by checking if the port pointer is valid before accessing it.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	5.5 MEDIUM	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Affected Products (NVD)

Vendor	Product	Version
linux	linux_kernel	5.12 ≤ 𝑥 < 5.15.198
linux	linux_kernel	5.16 ≤ 𝑥 < 6.1.161
linux	linux_kernel	6.2 ≤ 𝑥 < 6.6.121
linux	linux_kernel	6.7 ≤ 𝑥 < 6.12.66
linux	linux_kernel	6.13 ≤ 𝑥 < 6.18.6
linux	linux_kernel	6.19:rc1
linux	linux_kernel	6.19:rc2
linux	linux_kernel	6.19:rc3
linux	linux_kernel	6.19:rc4

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

linux

bookworm	vulnerable
bookworm (security)	6.1.164-1 fixed
bullseye	5.10.223-1 fixed
bullseye (security)	5.10.251-1 fixed
forky	6.19.10-1 fixed
sid	6.19.10-1 fixed
trixie	6.12.73-1 fixed
trixie (security)	6.12.74-2 fixed

linux-6.1

bullseye	not-affected
bullseye (security)	6.1.164-1~deb11u1 fixed

Common Weakness Enumeration

CWE-476 - NULL Pointer Dereference
A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.

Vulnerability Media Exposure

[GERMAN] Linux Kernel: Mehrere Schwachstellen
Ein Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um nicht näher spezifizierte Angriffe durchzuführen, die möglicherweise zu einer Denial-of-Service- Bedingung führen oder eine Speicherbeschädigung verursachen können.
Published: 2026-01-25T23:00:00+00:00

References

https://git.kernel.org/stable/c/03fb1708b7d1e76aecebf767ad059c319845039f

https://git.kernel.org/stable/c/2985712dc76dfa670eb7fd607c09d4d48e5f5c6e

https://git.kernel.org/stable/c/34f3ff52cb9fa7dbf04f5c734fcc4cb6ed5d1a95

https://git.kernel.org/stable/c/8767f238b0e6c3d0b295ac6dce9fbe6a99bd1b9d

https://git.kernel.org/stable/c/b17818307446c5a8d925a39a792261dbfa930041

https://git.kernel.org/stable/c/f490af47bbee02441e356a1e0b86e3b3dd5120ff