In the Linux kernel, the following vulnerability has been resolved:
net: dsa: fix NULL pointer dereference in dsaportresetvlanfiltering
The "ds" iterator variable used in dsaportresetvlanfiltering() -> dsaswitchforeachport() overwrites the "dp" received as argument, which is later used to call dsaportvlan_filtering() proper.
As a result, switches which do enter that code path (the ones with vlanfilteringisglobal=true) will dereference an invalid dp in dsaportresetvlan_filtering() after leaving a VLAN-aware bridge.
Use a dedicated "other_dp" iterator variable to avoid this from happening.
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49582.json",
"cna_assigner": "Linux"
}