CVE-2022-49582

Published: Feb 26, 2025

Modified: May 11, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: net: dsa: fix NULL pointer dereference in dsa_port_reset_vlan_filtering The "ds" iterator variable used in dsa_port_reset_vlan_filtering() -> dsa_switch_for_each_port() overwrites the "dp" received as argument, which is later used to call dsa_port_vlan_filtering() proper. As a result, switches which do enter that code path (the ones with vlan_filtering_is_global=true) will dereference an invalid dp in dsa_port_reset_vlan_filtering() after leaving a VLAN-aware bridge. Use a dedicated "other_dp" iterator variable to avoid this from happening.

Vendor	Product	Versions
Linux	Linux	affected `d0004a020bb50263de0e3e775c7b7c7a003e0e0c - < 3240e12fe203a3a79b9814e83327106b770ed7b0` affected `d0004a020bb50263de0e3e775c7b7c7a003e0e0c - < 1699b4d502eda3c7ea4070debad3ee570b5091b1`
Linux	Linux	affected `5.16` unaffected `0 - < 5.16` unaffected `5.18.15 - <= 5.18.` unaffected `5.19 - <= `

References

https://git.kernel.org/stable/c/3240e12fe203a3a79b9814e83327106b770ed7b0

https://git.kernel.org/stable/c/1699b4d502eda3c7ea4070debad3ee570b5091b1

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2022-49582

Description

Affected Products

References