CVE-2022-49195

{"id": "CVE-2022-49195", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2025-02-26T07:00:56.580", "references": [{"url": "https://git.kernel.org/stable/c/8fd36358ce82382519b50b05f437493e1e00c4a9", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/95df5cd5a446df6738d2d45872e08594819080e4", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/b6e668ff43ebd87ccc8a19e5481345c428672295", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/b864d5350c18bea9369d0bdd9e7eb6f6172cc283", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-476"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: fix panic on shutdown if multi-chip tree failed to probe\n\nDSA probing is atypical because a tree of devices must probe all at\nonce, so out of N switches which call dsa_tree_setup_routing_table()\nduring probe, for (N - 1) of them, \"complete\" will return false and they\nwill exit probing early. The Nth switch will set up the whole tree on\ntheir behalf.\n\nThe implication is that for (N - 1) switches, the driver binds to the\ndevice successfully, without doing anything. When the driver is bound,\nthe ->shutdown() method may run. But if the Nth switch has failed to\ninitialize the tree, there is nothing to do for the (N - 1) driver\ninstances, since the slave devices have not been created, etc. Moreover,\ndsa_switch_shutdown() expects that the calling @ds has been in fact\ninitialized, so it jumps at dereferencing the various data structures,\nwhich is incorrect.\n\nAvoid the ensuing NULL pointer dereferences by simply checking whether\nthe Nth switch has previously set \"ds->setup = true\" for the switch\nwhich is currently shutting down. The entire setup is serialized under\ndsa2_mutex which we already hold."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: dsa: fix panic on shutting if multi-chip tree failed to probe El sondeo de DSA es at\u00edpico porque un \u00e1rbol de dispositivos debe sondear todos a la vez, por lo que de N switches que llaman a dsa_tree_setup_routing_table() durante el sondeo, para (N - 1) de ellos, \"complete\" devolver\u00e1 false y saldr\u00e1n del sondeo antes de tiempo. El Nth switch configurar\u00e1 todo el \u00e1rbol en su nombre. La implicaci\u00f3n es que para (N - 1) switches, el controlador se vincula al dispositivo con \u00e9xito, sin hacer nada. Cuando el controlador est\u00e1 vinculado, el m\u00e9todo ->shutdown() puede ejecutarse. Pero si el Nth switch no ha podido inicializar el \u00e1rbol, no hay nada que hacer para las (N - 1) instancias del controlador, ya que los dispositivos esclavos no se han creado, etc. Adem\u00e1s, dsa_switch_shutdown() espera que el @ds que llama se haya inicializado de hecho, por lo que salta a desreferenciar las diversas estructuras de datos, lo cual es incorrecto. Evite las desreferencias de puntero NULL resultantes simplemente verificando si el conmutador Nth ha establecido previamente \"ds->setup = true\" para el conmutador que se est\u00e1 apagando actualmente. La configuraci\u00f3n completa est\u00e1 serializada bajo dsa2_mutex que ya tenemos."}], "lastModified": "2025-09-23T13:44:29.413", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4D9EC10D-B839-4DFA-AD2C-E2032832E49F", "versionEndExcluding": "5.15.33", "versionStartIncluding": "5.15.1"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "20C43679-0439-405A-B97F-685BEE50613B", "versionEndExcluding": "5.16.19", "versionStartIncluding": "5.16"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "210C679C-CF84-44A3-8939-E629C87E54BF", "versionEndExcluding": "5.17.2", "versionStartIncluding": "5.17"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.15:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "40D9C0D1-0F32-4A2B-9840-1072F5497540"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.15:rc3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0460DA88-8FE1-46A2-9DDA-1F1ABA552E71"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.15:rc4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AF55383D-4DF2-45DC-93F7-571F4F978EAB"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.15:rc5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9E9481B2-8AA6-4CBD-B5D3-C10F51FF6D01"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.15:rc6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EBD45831-4B79-42BC-ABC0-86870F0DEA89"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.15:rc7:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "948A6B8D-1B72-4945-8680-354E53BE1C80"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}