CVE-2022-49234 Information

Description

In the Linux kernel the following vulnerability has been resolved:

net: dsa: Avoid cross-chip syncing of VLAN filtering

Changes to VLAN filtering are not applicable to cross-chip notifications.

On a system like this:

.—–. .—–. .—–. | sw1 +—+ sw2 +—+ sw3 | ‘-1-2-’ ‘-1-2-’ ‘-1-2-’

Before this change upon sw1p1 leaving a bridge a call to dsa_port_vlan_filtering would also be made to sw2p1 and sw3p1.

In this scenario:

.———. .—–. .—–. | sw1 +—+ sw2 +—+ sw3 | ‘-1-2-3-4-’ ‘-1-2-’ ‘-1-2-’

When sw1p4 would leave a bridge dsa_port_vlan_filtering would be called for sw2 and sw3 with a non-existing port - leading to array out-of-bounds accesses and crashes on mv88e6xxx.

Reference

https://git.kernel.org/stable/c/108dc8741c203e9d6ce4e973367f1bac20c7192b https://git.kernel.org/stable/c/e1f2a4dd8d433eec393d09273a78a3d3551339cf