PT-2022-7430 · Linux · Linux Kernel

Vladimir Oltean · Published 2022-02-15 · Updated 2024-09-25 · CVE-2022-48779

CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)

Description: The issue is in the ocelot_vlan_del() function of the Linux kernel's Microsemi Ocelot network driver, which contains a use-after-free condition. ocelot_vlan_member_del() frees the struct ocelot_bridge_vlan; if that VLAN is also the port's pvid VLAN, the port still holds a pointer to it (ocelot_port->pvid_vlan), and any later access through that pointer reads freed memory. Successful exploitation could affect the confidentiality, integrity, and availability of protected information.

Recommendations: To resolve the issue, clear ocelot_port->pvid_vlan where appropriate before calling ocelot_vlan_member_del(), so that no dangling pointer to the freed VLAN remains. As a temporary workaround, consider restricting access to the vulnerable ocelot_vlan_del() code path until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Weakness Enumeration: Use After Free

Related Identifiers: BDU:2024-06078, CVE-2022-48779

Affected Products: Linux Kernel, RED OS