Bug 2347921 (CVE-2022-49134) - CVE-2022-49134 kernel: mlxsw: spectrum: Guard against invalid local ports
Summary: CVE-2022-49134 kernel: mlxsw: spectrum: Guard against invalid local ports
Keywords:
Status: NEW
Alias: CVE-2022-49134
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2025-02-26 03:11 UTC by OSIDB Bzimport
Modified: 2025-02-26 16:00 UTC (History)
4 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)

Description OSIDB Bzimport 2025-02-26 03:11:23 UTC 
In the Linux kernel, the following vulnerability has been resolved:

mlxsw: spectrum: Guard against invalid local ports

When processing events generated by the device's firmware, the driver
protects itself from events reported for non-existent local ports, but
not for the CPU port (local port 0), which exists, but does not have all
the fields as any local port.

This can result in a NULL pointer dereference when trying access
'struct mlxsw_sp_port' fields which are not initialized for CPU port.

Commit 63b08b1f6834 ("mlxsw: spectrum: Protect driver from buggy firmware")
already handled such issue by bailing early when processing a PUDE event
reported for the CPU port.

Generalize the approach by moving the check to a common function and
making use of it in all relevant places.
Comment 1 Avinash Hanwate 2025-02-26 11:41:17 UTC 
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025022606-CVE-2022-49134-f6cf@gregkh/T
Comment 4 Avinash Hanwate 2025-02-26 15:59:52 UTC 
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025022606-CVE-2022-49134-f6cf@gregkh/T
Note You need to log in before you can comment on or make changes to this bug.