CVE-2026-22982
- Source
- https://cve.org/CVERecord?id=CVE-2026-22982
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-22982.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2026-22982
- Downstream
- Related
- Published
- 2026-01-23T15:24:04.556Z
- Modified
- 2026-05-15T04:14:19.217942257Z
- Summary
- net: mscc: ocelot: Fix crash when adding interface under a lag
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
net: mscc: ocelot: Fix crash when adding interface under a lag
Commit 15faa1f67ab4 ("lan966x: Fix crash when adding interface under a lag") fixed a similar issue in the lan966x driver caused by a NULL pointer dereference. The ocelotsetaggr_pgids() function in the ocelot driver has similar logic and is susceptible to the same crash.
This issue specifically affects the ocelotvsc7514.c frontend, which leaves unused ports as NULL pointers. The felixvsc9959.c frontend is unaffected as it uses the DSA framework which registers all ports.
Fix this by checking if the port pointer is valid before accessing it.
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/22xxx/CVE-2026-22982.json" }- References
-
- https://git.kernel.org/stable/c/03fb1708b7d1e76aecebf767ad059c319845039f
- https://git.kernel.org/stable/c/2985712dc76dfa670eb7fd607c09d4d48e5f5c6e
- https://git.kernel.org/stable/c/34f3ff52cb9fa7dbf04f5c734fcc4cb6ed5d1a95
- https://git.kernel.org/stable/c/8767f238b0e6c3d0b295ac6dce9fbe6a99bd1b9d
- https://git.kernel.org/stable/c/b17818307446c5a8d925a39a792261dbfa930041
- https://git.kernel.org/stable/c/f490af47bbee02441e356a1e0b86e3b3dd5120ff
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/22xxx/CVE-2026-22982.json
- https://nvd.nist.gov/vuln/detail/CVE-2026-22982
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git