CVE-2022-49134 Information

Mar 01, 2025 cve

Description

In the Linux kernel the following vulnerability has been resolved:

mlxsw: spectrum: Guard against invalid local ports

When processing events generated by the device’s firmware the driver protects itself from events reported for non-existent local ports but not for the CPU port (local port 0) which exists but does not have all the fields as any local port.

This can result in a NULL pointer dereference when trying access ‘struct mlxsw_sp_port’ fields which are not initialized for CPU port.

Commit 63b08b1f6834 (\mlxsw: spectrum: Protect driver from buggy firmware) already handled such issue by bailing early when processing a PUDE event reported for the CPU port.

Generalize the approach by moving the check to a common function and making use of it in all relevant places.

Reference

https://git.kernel.org/stable/c/4cad27ba2e5a5843a7fab5aa30de2b8e8c3db3a8 https://git.kernel.org/stable/c/bcdfd615f83b4bd04678109bf18022d1476e4bbf

Share on: