2347785 – (CVE-2022-49234) CVE-2022-49234 kernel: net: dsa: Avoid cross-chip syncing of VLAN filtering

Bug 2347785 (CVE-2022-49234) - CVE-2022-49234 kernel: net: dsa: Avoid cross-chip syncing of VLAN filtering

Summary: CVE-2022-49234 kernel: net: dsa: Avoid cross-chip syncing of VLAN filtering

Keywords:
Status:	NEW
Alias:	CVE-2022-49234
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2025-02-26 03:06 UTC by OSIDB Bzimport
Modified:	2025-02-27 09:24 UTC (History)
CC List:	4 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2025-02-26 03:06:40 UTC

In the Linux kernel, the following vulnerability has been resolved:

net: dsa: Avoid cross-chip syncing of VLAN filtering

Changes to VLAN filtering are not applicable to cross-chip
notifications.

On a system like this:

.-----.   .-----.   .-----.
| sw1 +---+ sw2 +---+ sw3 |
'-1-2-'   '-1-2-'   '-1-2-'

Before this change, upon sw1p1 leaving a bridge, a call to
dsa_port_vlan_filtering would also be made to sw2p1 and sw3p1.

In this scenario:

.---------.   .-----.   .-----.
|   sw1   +---+ sw2 +---+ sw3 |
'-1-2-3-4-'   '-1-2-'   '-1-2-'

When sw1p4 would leave a bridge, dsa_port_vlan_filtering would be
called for sw2 and sw3 with a non-existing port - leading to array
out-of-bounds accesses and crashes on mv88e6xxx.

Comment 1 Avinash Hanwate 2025-02-26 21:12:47 UTC

Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025022623-CVE-2022-49234-b4b1@gregkh/T

Note You need to log in before you can comment on or make changes to this bug.