CVE-2022-48779

Published: Jul 16, 2024

Modified: May 11, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: net: mscc: ocelot: fix use-after-free in ocelot_vlan_del() ocelot_vlan_member_del() will free the struct ocelot_bridge_vlan, so if this is the same as the port's pvid_vlan which we access afterwards, what we're accessing is freed memory. Fix the bug by determining whether to clear ocelot_port->pvid_vlan prior to calling ocelot_vlan_member_del().

Vendor	Product	Versions
Linux	Linux	affected `d4004422f6f9fa8e55c04482008c1c9f9edd2d19 - < c98bed60cdd7f22237ae256cc9c1c3087206b8a2` affected `d4004422f6f9fa8e55c04482008c1c9f9edd2d19 - < ef57640575406f57f5b3393cf57f457b0ace837e`
Linux	Linux	affected `5.16` unaffected `0 - < 5.16` unaffected `5.16.11 - <= 5.16.` unaffected `5.17 - <= `

References

https://git.kernel.org/stable/c/c98bed60cdd7f22237ae256cc9c1c3087206b8a2

https://git.kernel.org/stable/c/ef57640575406f57f5b3393cf57f457b0ace837e

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2022-48779

Description

Affected Products

References