In the Linux kernel, the following vulnerability has been resolved:
net: dsa: fix a crash if ->getssetcount() fails
If ds->ops->getssetcount() fails then it "count" is a negative error code such as -EOPNOTSUPP. Because "i" is an unsigned int, the negative error code is type promoted to a very high value and the loop will corrupt memory until the system crashes.
Fix this by checking for error codes and changing the type of "i" to just int.