CVE-2022-49134

Published: Feb 26, 2025

Modified: May 11, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum: Guard against invalid local ports When processing events generated by the device's firmware, the driver protects itself from events reported for non-existent local ports, but not for the CPU port (local port 0), which exists, but does not have all the fields as any local port. This can result in a NULL pointer dereference when trying access 'struct mlxsw_sp_port' fields which are not initialized for CPU port. Commit 63b08b1f6834 ("mlxsw: spectrum: Protect driver from buggy firmware") already handled such issue by bailing early when processing a PUDE event reported for the CPU port. Generalize the approach by moving the check to a common function and making use of it in all relevant places.

Vendor	Product	Versions
Linux	Linux	affected `28b1987ef5064dd5c43538ba1168ef7b801f3cad - < 4cad27ba2e5a5843a7fab5aa30de2b8e8c3db3a8` affected `28b1987ef5064dd5c43538ba1168ef7b801f3cad - < bcdfd615f83b4bd04678109bf18022d1476e4bbf`
Linux	Linux	affected `5.4` unaffected `0 - < 5.4` unaffected `5.17.3 - <= 5.17.` unaffected `5.18 - <= `

References

https://git.kernel.org/stable/c/4cad27ba2e5a5843a7fab5aa30de2b8e8c3db3a8

https://git.kernel.org/stable/c/bcdfd615f83b4bd04678109bf18022d1476e4bbf

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2022-49134

Description

Affected Products

References