CVE-2022-49582

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A NULL pointer dereference issue exists in the Linux kernel, specifically in the dsa port reset vlan filtering() function. The issue arises when the ds iterator variable overwrites the dp argument, which is later used to call dsa port vlan filtering(). This can cause switches to dereference an invalid dp after leaving a VLAN-aware bridge. The issue affects switches where vlan filtering is global=true.

Recommendations To resolve this issue, use a dedicated other dp iterator variable in the dsa port reset vlan filtering() function to avoid overwriting the dp argument. At the moment, there is no information about a newer version that contains a fix for this vulnerability.