CVE-2022-48779
net: mscc: ocelot: fix use-after-free in ocelot_vlan_del()
In the Linux kernel, the following vulnerability has been resolved:
net: mscc: ocelot: fix use-after-free in ocelot_vlan_del()
ocelot_vlan_member_del() will free the struct ocelot_bridge_vlan, so if
this is the same as the port's pvid_vlan which we access afterwards,
what we're accessing is freed memory.
Fix the bug by determining whether to clear ocelot_port->pvid_vlan prior
to calling ocelot_vlan_member_del().
Affected products
Linux · LinuxWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →