CVE-2022-48779

July 16, 2024, 1:43 p.m.

None
No Score

Description

In the Linux kernel, the following vulnerability has been resolved: net: mscc: ocelot: fix use-after-free in ocelot_vlan_del() ocelot_vlan_member_del() will free the struct ocelot_bridge_vlan, so if this is the same as the port's pvid_vlan which we access afterwards, what we're accessing is freed memory. Fix the bug by determining whether to clear ocelot_port->pvid_vlan prior to calling ocelot_vlan_member_del().

Product(s) Impacted

Product Versions
Linux kernel
  • []

Weaknesses

Common security weaknesses mapped to this vulnerability.

References

https://git.kernel.org/stable/c/c98bed60cdd7f22237ae256cc9c1c3087206b8a2
https://git.kernel.org/stable/c/ef57640575406f57f5b3393cf57f457b0ace837e

Tags

416baaa9-dc9f-4396-8d5f-8c081fb06d67
2024-07-16
CVE-2022-48779

Timeline

Published: July 16, 2024, 12:15 p.m.
Last Modified: July 16, 2024, 1:43 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

416baaa9-dc9f-4396-8d5f-8c081fb06d67

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.