In the Linux kernel, the following vulnerability has been resolved:
net: mscc: ocelot: add missing lock protection in ocelotportxmit_inj()
ocelotportxmitinj() calls ocelotcaninject() and ocelotportinjectframe() without holding the injection group lock. Both functions contain lockdepassertheld() for the injection lock, and the correct caller felixportdeferredxmit() properly acquires the lock using ocelotlockinjgrp() before calling these functions.
Add ocelotlockinjgrp()/ocelotunlockinjgrp() around the register injection path to fix the missing lock protection. The FDMA path is not affected as it uses its own locking mechanism.
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/45xxx/CVE-2026-45849.json",
"cna_assigner": "Linux"
}