CVE-2022-49582 Information

Description

In the Linux kernel, the following vulnerability has been resolved:

net: dsa: fix NULL pointer dereference in dsa_port_reset_vlan_filtering

The "ds" iterator variable used in dsa_port_reset_vlan_filtering() -> dsa_switch_for_each_port() overwrites the "dp" received as argument, which is later used to call dsa_port_vlan_filtering() proper.

As a result, switches which do enter that code path (the ones with vlan_filtering_is_global=true) will dereference an invalid dp in dsa_port_reset_vlan_filtering() after leaving a VLAN-aware bridge.

Use a dedicated "other_dp" iterator variable to avoid this from happening.
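
The bug class described above, shown as an added user-space example that is not the kernel's code: a for-each macro assigns to whatever variable it is handed, so reusing the argument as the iterator loses the caller's port. The struct names, the for_each_port macro, the reset_buggy/reset_fixed functions and the NULL-terminated list are assumptions made for this model; only the other_dp name comes from the description.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Simplified stand-ins for the kernel's port and switch (assumed names). */
struct port { int index; bool bridged; struct port *next; };
struct sw { struct port *ports; };   /* NULL-terminated port list */

/* Like a kernel for-each macro, this assigns to the variable it is given. */
#define for_each_port(_p, _sw) \
    for ((_p) = (_sw)->ports; (_p); (_p) = (_p)->next)

/* Buggy shape: the argument dp is reused as the loop iterator. */
bool reset_buggy(struct sw *s, struct port *dp, struct port **target)
{
    bool change = true;
    for_each_port(dp, s)
        if (dp->bridged) { change = false; break; }
    *target = dp;   /* no longer the caller's port; NULL if the loop finished */
    return change;
}

/* Fixed shape: a dedicated other_dp iterator leaves dp untouched. */
bool reset_fixed(struct sw *s, struct port *dp, struct port **target)
{
    struct port *other_dp;
    bool change = true;
    for_each_port(other_dp, s)
        if (other_dp->bridged) { change = false; break; }
    *target = dp;   /* still the port the caller passed in */
    return change;
}

int main(void)
{
    /* Constructed sample: three ports, none left in a VLAN-aware bridge. */
    struct port p2 = {2, false, NULL}, p1 = {1, false, &p2}, p0 = {0, false, &p1};
    struct sw s = { &p0 };
    struct port *t;

    if (reset_buggy(&s, &p1, &t))
        printf("buggy: would reconfigure %p (passed %p)\n", (void *)t, (void *)&p1);
    if (reset_fixed(&s, &p1, &t))
        printf("fixed: would reconfigure port %d\n", t->index);
    return 0;
}
```

Compiler warnings do not flag this pattern because the assignment to a parameter is legal C, so review for-each call sites whose iterator is also a function argument.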

Reference

https://git.kernel.org/stable/c/1699b4d502eda3c7ea4070debad3ee570b5091b1
https://git.kernel.org/stable/c/3240e12fe203a3a79b9814e83327106b770ed7b0
