// For flags

CVE-2022-49195

net: dsa: fix panic on shutdown if multi-chip tree failed to probe

Time Line
Published
2024-03-19
Updated
2024-03-19
Firt exploit
2024-03-19
Overview
Descriptions (1)
MITRE
CWE (0)
CAPEC (-)
Risk
CVSS Score
-
SSVC
-
KEV
-
EPSS
Affected Products (-)
Vendors (1)
linux
Products (1)
linux_kernel
Versions (4)
>= 5.15 < 5.15.33, >= 5.15 < 5.16.19, >= 5.15 < 5.17.2, >= 5.15 < 5.18
Intel Resources (-)
Advisories (-)
-
Exploits (-)
-
Plugins (-)
-
References (5)
General (1)
kernel
Exploits & POcs (-)
Patches (4)
kernel
Advisories (-)
Summary
Descriptions

In the Linux kernel, the following vulnerability has been resolved: net: dsa: fix panic on shutdown if multi-chip tree failed to probe DSA probing is atypical because a tree of devices must probe all at
once, so out of N switches which call dsa_tree_setup_routing_table()
during probe, for (N - 1) of them, "complete" will return false and they
will exit probing early. The Nth switch will set up the whole tree on
their behalf. The implication is that for (N - 1) switches, the driver binds to the
device successfully, without doing anything. When the driver is bound,
the ->shutdown() method may run. But if the Nth switch has failed to
initialize the tree, there is nothing to do for the (N - 1) driver
instances, since the slave devices have not been created, etc. Moreover,
dsa_switch_shutdown() expects that the calling @ds has been in fact
initialized, so it jumps at dereferencing the various data structures,
which is incorrect. Avoid the ensuing NULL pointer dereferences by simply checking whether
the Nth switch has previously set "ds->setup = true" for the switch
which is currently shutting down. The entire setup is serialized under
dsa2_mutex which we already hold.

*Credits: N/A
CVSS Scores
Attack Vector
-
Attack Complexity
-
Privileges Required
-
User Interaction
-
Scope
-
Confidentiality
-
Integrity
-
Availability
-
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2025-02-26 CVE Reserved
  • 2025-02-26 CVE Published
  • 2025-02-26 CVE Updated
  • ---------- EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
CAPEC
Threat Intelligence Resources (0)
Security Advisory details:

Select an advisory to view details here.

Select an exploit to view details here.

Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Linux
Search vendor "Linux"
 Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
 >= 5.15 < 5.15.33
Search vendor "Linux" for product "Linux Kernel" and version " >= 5.15 < 5.15.33"
en
Affected
Linux
Search vendor "Linux"
 Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
 >= 5.15 < 5.16.19
Search vendor "Linux" for product "Linux Kernel" and version " >= 5.15 < 5.16.19"
en
Affected
Linux
Search vendor "Linux"
 Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
 >= 5.15 < 5.17.2
Search vendor "Linux" for product "Linux Kernel" and version " >= 5.15 < 5.17.2"
en
Affected
Linux
Search vendor "Linux"
 Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
 >= 5.15 < 5.18
Search vendor "Linux" for product "Linux Kernel" and version " >= 5.15 < 5.18"
en
Affected