CVE-2022-49195

MEDIUM EPSS 14.9%
Published Feb 26, 20251y ago · Modified Jun 17, 20261w ago
5.5 CVSS 3.1
Medium
Find Similar
Published Feb 26, 2025 1y ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: net: dsa: fix panic on shutdown if multi-chip tree failed to probe DSA probing is atypical because a tree of devices must probe all at once, so out of N switches which call dsa_tree_setup_routing_table() during probe, for (N - 1) of them, "complete" will return false and they will exit probing early. The Nth switch will set up the whole tree on their behalf. The implication is that for (N - 1) switches, the driver binds to the device successfully, without doing anything. When the driver is bound, the ->shutdown() method may run. But if the Nth switch has failed to initialize the tree, there is nothing to do for the (N - 1) driver instances, since the slave devices have not been created, etc. Moreover, dsa_switch_shutdown() expects that the calling @ds has been in fact initialized, so it jumps at dereferencing the various data structures, which is incorrect. Avoid the ensuing NULL pointer dereferences by simply checking whether the Nth switch has previously set "ds->setup = true" for the switch which is currently shutting down. The entire setup is serialized under dsa2_mutex which we already hold.

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
14.9% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-476 NULL Pointer Dereference Memory Safety

Affected Products 9

VendorProductVersionRange
linuxlinux_kernel*≥5.15.1  –  <5.15.33
linuxlinux_kernel*≥5.16  –  <5.16.19
linuxlinux_kernel*≥5.17  –  <5.17.2
linuxlinux_kernel5.15any
linuxlinux_kernel5.15any
linuxlinux_kernel5.15any
linuxlinux_kernel5.15any
linuxlinux_kernel5.15any
linuxlinux_kernel5.15any

References 4

  • git.kernel.org https://git.kernel.org/stable/c/8fd36358ce82382519b50b05f437493e1e00c4a9
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/95df5cd5a446df6738d2d45872e08594819080e4
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/b6e668ff43ebd87ccc8a19e5481345c428672295
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/b864d5350c18bea9369d0bdd9e7eb6f6172cc283
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/8fd36358ce82382519b50b05f437493e1e00c4a9
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/95df5cd5a446df6738d2d45872e08594819080e4
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/b6e668ff43ebd87ccc8a19e5481345c428672295
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/b864d5350c18bea9369d0bdd9e7eb6f6172cc283
    Patch