AZL-67623

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-67623.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-67623

Upstream

CVE-2022-49234

Published

2025-02-26T07:01:00Z

Modified

2026-04-01T05:21:15.772401Z

Summary

CVE-2022-49234 affecting package kernel 5.15.200.1-1

Details

In the Linux kernel, the following vulnerability has been resolved:

net: dsa: Avoid cross-chip syncing of VLAN filtering

Changes to VLAN filtering are not applicable to cross-chip notifications.

On a system like this:

.-----. .-----. .-----. | sw1 +---+ sw2 +---+ sw3 | '-1-2-' '-1-2-' '-1-2-'

Before this change, upon sw1p1 leaving a bridge, a call to dsaportvlan_filtering would also be made to sw2p1 and sw3p1.

In this scenario:

.---------. .-----. .-----. | sw1 +---+ sw2 +---+ sw3 | '-1-2-3-4-' '-1-2-' '-1-2-'

When sw1p4 would leave a bridge, dsaportvlan_filtering would be called for sw2 and sw3 with a non-existing port - leading to array out-of-bounds accesses and crashes on mv88e6xxx.

References

https://nvd.nist.gov/vuln/detail/CVE-2022-49234

Affected packages

Azure Linux:2 / kernel

Package

Name: kernel
Purl: pkg:rpm/azure-linux/kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

5.15.200.1-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-67623.json"