2432393 – (CVE-2026-22982) CVE-2026-22982 kernel: net: mscc: ocelot: Fix crash when adding interface under a lag

Bug 2432393 (CVE-2026-22982) - CVE-2026-22982 kernel: net: mscc: ocelot: Fix crash when adding interface under a lag

Summary: CVE-2026-22982 kernel: net: mscc: ocelot: Fix crash when adding interface und...

Keywords:
Status:	NEW
Alias:	CVE-2026-22982
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2026-01-23 16:03 UTC by OSIDB Bzimport
Modified:	2026-01-23 19:19 UTC (History)
CC List:	0 users
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2026-01-23 16:03:00 UTC

In the Linux kernel, the following vulnerability has been resolved:

net: mscc: ocelot: Fix crash when adding interface under a lag

Commit 15faa1f67ab4 ("lan966x: Fix crash when adding interface under a lag")
fixed a similar issue in the lan966x driver caused by a NULL pointer dereference.
The ocelot_set_aggr_pgids() function in the ocelot driver has similar logic
and is susceptible to the same crash.

This issue specifically affects the ocelot_vsc7514.c frontend, which leaves
unused ports as NULL pointers. The felix_vsc9959.c frontend is unaffected as
it uses the DSA framework which registers all ports.

Fix this by checking if the port pointer is valid before accessing it.

Comment 1 Keith Grant 2026-01-23 19:13:15 UTC

Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2026012348-CVE-2026-22982-b250@gregkh/T

Note You need to log in before you can comment on or make changes to this bug.