CVE-2022-48779
- Source
- https://cve.org/CVERecord?id=CVE-2022-48779
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-48779.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2022-48779
- Downstream
- Published
- 2024-07-16T11:13:17.173Z
- Modified
- 2026-04-02T08:27:00.020959Z
- Summary
- net: mscc: ocelot: fix use-after-free in ocelot_vlan_del()
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
net: mscc: ocelot: fix use-after-free in ocelotvlandel()
ocelotvlanmemberdel() will free the struct ocelotbridgevlan, so if this is the same as the port's pvidvlan which we access afterwards, what we're accessing is freed memory.
Fix the bug by determining whether to clear ocelotport->pvidvlan prior to calling ocelotvlanmember_del().
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/48xxx/CVE-2022-48779.json", "cna_assigner": "Linux" }- References
-
- https://git.kernel.org/stable/c/c98bed60cdd7f22237ae256cc9c1c3087206b8a2
- https://git.kernel.org/stable/c/ef57640575406f57f5b3393cf57f457b0ace837e
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/48xxx/CVE-2022-48779.json
- https://nvd.nist.gov/vuln/detail/CVE-2022-48779
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git