CVE-2022-49195
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2022-49195
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-49195.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2022-49195
- Downstream
- Published
- 2025-02-26T01:55:40Z
- Modified
- 2025-10-21T09:27:23.631563Z
- Summary
- net: dsa: fix panic on shutdown if multi-chip tree failed to probe
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
net: dsa: fix panic on shutdown if multi-chip tree failed to probe
DSA probing is atypical because a tree of devices must probe all at once, so out of N switches which call dsatreesetuproutingtable() during probe, for (N - 1) of them, "complete" will return false and they will exit probing early. The Nth switch will set up the whole tree on their behalf.
The implication is that for (N - 1) switches, the driver binds to the device successfully, without doing anything. When the driver is bound, the ->shutdown() method may run. But if the Nth switch has failed to initialize the tree, there is nothing to do for the (N - 1) driver instances, since the slave devices have not been created, etc. Moreover, dsaswitchshutdown() expects that the calling @ds has been in fact initialized, so it jumps at dereferencing the various data structures, which is incorrect.
Avoid the ensuing NULL pointer dereferences by simply checking whether the Nth switch has previously set "ds->setup = true" for the switch which is currently shutting down. The entire setup is serialized under dsa2_mutex which we already hold.
- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/8fd36358ce82382519b50b05f437493e1e00c4a9
- https://git.kernel.org/stable/c/95df5cd5a446df6738d2d45872e08594819080e4
- https://git.kernel.org/stable/c/b6e668ff43ebd87ccc8a19e5481345c428672295
- https://git.kernel.org/stable/c/b864d5350c18bea9369d0bdd9e7eb6f6172cc283
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced0650bf52b31ff35dc6430fc2e37969c36baba724Fixed95df5cd5a446df6738d2d45872e08594819080e4
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced0650bf52b31ff35dc6430fc2e37969c36baba724Fixedb6e668ff43ebd87ccc8a19e5481345c428672295
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced0650bf52b31ff35dc6430fc2e37969c36baba724Fixedb864d5350c18bea9369d0bdd9e7eb6f6172cc283
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced0650bf52b31ff35dc6430fc2e37969c36baba724Fixed8fd36358ce82382519b50b05f437493e1e00c4a9
Affected versions
v5.*
v5.15
v5.15-rc2
v5.15-rc3
v5.15-rc4
v5.15-rc5
v5.15-rc6
v5.15-rc7
v5.15.1
v5.15.10
v5.15.11
v5.15.12
v5.15.13
v5.15.14
v5.15.15
v5.15.16
v5.15.17
v5.15.18
v5.15.19
v5.15.2
v5.15.20
v5.15.21
v5.15.22
v5.15.23
v5.15.24
v5.15.25
v5.15.26
v5.15.27
v5.15.28
v5.15.29
v5.15.3
v5.15.30
v5.15.31
v5.15.32
v5.15.4
v5.15.5
v5.15.6
v5.15.7
v5.15.8
v5.15.9
v5.16
v5.16-rc1
v5.16-rc2
v5.16-rc3
v5.16-rc4
v5.16-rc5
v5.16-rc6
v5.16-rc7
v5.16-rc8
v5.16.1
v5.16.10
v5.16.11
v5.16.12
v5.16.13
v5.16.14
v5.16.15
v5.16.16
v5.16.17
v5.16.18
v5.16.2
v5.16.3
v5.16.4
v5.16.5
v5.16.6
v5.16.7
v5.16.8
v5.16.9
v5.17
v5.17-rc1
v5.17-rc2
v5.17-rc3
v5.17-rc4
v5.17-rc5
v5.17-rc6
v5.17-rc7
v5.17-rc8
v5.17.1
Database specific
vanir_signatures
[
{
"digest": {
"length": 359.0,
"function_hash": "125539976823101295864386727150134439369"
},
"deprecated": false,
"id": "CVE-2022-49195-5bc06db6",
"target": {
"function": "dsa_switch_shutdown",
"file": "net/dsa/dsa2.c"
},
"signature_type": "Function",
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@8fd36358ce82382519b50b05f437493e1e00c4a9"
},
{
"digest": {
"length": 478.0,
"function_hash": "270187218710496567689079828806117935931"
},
"deprecated": false,
"id": "CVE-2022-49195-614b0108",
"target": {
"function": "dsa_switch_shutdown",
"file": "net/dsa/dsa2.c"
},
"signature_type": "Function",
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@95df5cd5a446df6738d2d45872e08594819080e4"
},
{
"digest": {
"line_hashes": [
"179148135290069337744741102514040976560",
"160566182993371930193093487239087191609",
"297899052205136148243722712897324000010",
"255595095157922545734276838657906648516",
"165394192115801534371491503315500290274",
"285961937985098942233205093196366382867",
"242076816039389909637554123413470306274",
"173571669902483906705553795717207722116"
],
"threshold": 0.9
},
"deprecated": false,
"id": "CVE-2022-49195-7bcb42a4",
"target": {
"file": "net/dsa/dsa2.c"
},
"signature_type": "Line",
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b864d5350c18bea9369d0bdd9e7eb6f6172cc283"
},
{
"digest": {
"length": 359.0,
"function_hash": "125539976823101295864386727150134439369"
},
"deprecated": false,
"id": "CVE-2022-49195-9027fe5f",
"target": {
"function": "dsa_switch_shutdown",
"file": "net/dsa/dsa2.c"
},
"signature_type": "Function",
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b6e668ff43ebd87ccc8a19e5481345c428672295"
},
{
"digest": {
"line_hashes": [
"210632535381881662762415043039756448608",
"319567773091961345132614654407611923346",
"213380258097003918381932222206085043126",
"262958007372367242416109229741904152719",
"17821653169026793621771339024601698148",
"315069441411618060499020244297520945394",
"5785113095398761090993859827011198946",
"173571669902483906705553795717207722116"
],
"threshold": 0.9
},
"deprecated": false,
"id": "CVE-2022-49195-9433b781",
"target": {
"file": "net/dsa/dsa2.c"
},
"signature_type": "Line",
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@95df5cd5a446df6738d2d45872e08594819080e4"
},
{
"digest": {
"line_hashes": [
"179148135290069337744741102514040976560",
"160566182993371930193093487239087191609",
"297899052205136148243722712897324000010",
"255595095157922545734276838657906648516",
"165394192115801534371491503315500290274",
"285961937985098942233205093196366382867",
"242076816039389909637554123413470306274",
"173571669902483906705553795717207722116"
],
"threshold": 0.9
},
"deprecated": false,
"id": "CVE-2022-49195-9997a418",
"target": {
"file": "net/dsa/dsa2.c"
},
"signature_type": "Line",
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@8fd36358ce82382519b50b05f437493e1e00c4a9"
},
{
"digest": {
"line_hashes": [
"179148135290069337744741102514040976560",
"160566182993371930193093487239087191609",
"297899052205136148243722712897324000010",
"255595095157922545734276838657906648516",
"165394192115801534371491503315500290274",
"285961937985098942233205093196366382867",
"242076816039389909637554123413470306274",
"173571669902483906705553795717207722116"
],
"threshold": 0.9
},
"deprecated": false,
"id": "CVE-2022-49195-de19b0ee",
"target": {
"file": "net/dsa/dsa2.c"
},
"signature_type": "Line",
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b6e668ff43ebd87ccc8a19e5481345c428672295"
},
{
"digest": {
"length": 359.0,
"function_hash": "125539976823101295864386727150134439369"
},
"deprecated": false,
"id": "CVE-2022-49195-fb7650c1",
"target": {
"function": "dsa_switch_shutdown",
"file": "net/dsa/dsa2.c"
},
"signature_type": "Function",
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b864d5350c18bea9369d0bdd9e7eb6f6172cc283"
}
]