CVE-2026-22982

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2026-22982
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-22982.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-22982
Downstream
Related
Published
2026-01-23T15:24:04.556Z
Modified
2026-03-24T08:59:28.645606Z
Summary
net: mscc: ocelot: Fix crash when adding interface under a lag
Details

In the Linux kernel, the following vulnerability has been resolved:

net: mscc: ocelot: Fix crash when adding interface under a lag

Commit 15faa1f67ab4 ("lan966x: Fix crash when adding interface under a lag") fixed a similar issue in the lan966x driver caused by a NULL pointer dereference. The ocelotsetaggr_pgids() function in the ocelot driver has similar logic and is susceptible to the same crash.

This issue specifically affects the ocelotvsc7514.c frontend, which leaves unused ports as NULL pointers. The felixvsc9959.c frontend is unaffected as it uses the DSA framework which registers all ports.

Fix this by checking if the port pointer is valid before accessing it.

Database specific 
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/22xxx/CVE-2026-22982.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
528d3f190c98c8f7d9581f68db4af021696727b2
Fixed
8767f238b0e6c3d0b295ac6dce9fbe6a99bd1b9d
Fixed
b17818307446c5a8d925a39a792261dbfa930041
Fixed
2985712dc76dfa670eb7fd607c09d4d48e5f5c6e
Fixed
03fb1708b7d1e76aecebf767ad059c319845039f
Fixed
f490af47bbee02441e356a1e0b86e3b3dd5120ff
Fixed
34f3ff52cb9fa7dbf04f5c734fcc4cb6ed5d1a95

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-22982.json"