admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-29 01:31:20 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2022/CVE-2022-492xx/CVE-2022-49234.json
cad-safe-bot 6a206bf025 Auto-Update: 2025-03-09T03:00:19.873769+00:00
2025-03-09 03:03:50 +00:00

29 lines
2.2 KiB
JSON
Raw Blame History

{
"id": "CVE-2022-49234",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-02-26T07:01:00.407",
"lastModified": "2025-02-26T07:01:00.407",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: Avoid cross-chip syncing of VLAN filtering\n\nChanges to VLAN filtering are not applicable to cross-chip\nnotifications.\n\nOn a system like this:\n\n.-----. .-----. .-----.\n| sw1 +---+ sw2 +---+ sw3 |\n'-1-2-' '-1-2-' '-1-2-'\n\nBefore this change, upon sw1p1 leaving a bridge, a call to\ndsa_port_vlan_filtering would also be made to sw2p1 and sw3p1.\n\nIn this scenario:\n\n.---------. .-----. .-----.\n| sw1 +---+ sw2 +---+ sw3 |\n'-1-2-3-4-' '-1-2-' '-1-2-'\n\nWhen sw1p4 would leave a bridge, dsa_port_vlan_filtering would be\ncalled for sw2 and sw3 with a non-existing port - leading to array\nout-of-bounds accesses and crashes on mv88e6xxx."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: dsa: Evitar la sincronizaci\u00f3n entre chips del filtrado de VLAN Los cambios en el filtrado de VLAN no son aplicables a las notificaciones entre chips. En un sistema como este: .-----. .-----. .-----. | sw1 +---+ sw2 +---+ sw3 | '-1-2-' '-1-2-' '-1-2-' Antes de este cambio, al salir sw1p1 de un puente, tambi\u00e9n se realizaba una llamada a dsa_port_vlan_filtering a sw2p1 y sw3p1. En este escenario: .---------. .-----. .-----. | sw1 +---+ sw2 +---+ sw3 | '-1-2-3-4-' '-1-2-' '-1-2-' Cuando sw1p4 abandonara un puente, se llamar\u00eda a dsa_port_vlan_filtering para sw2 y sw3 con un puerto inexistente, lo que provocar\u00eda accesos fuera de los l\u00edmites de la matriz y fallos en mv88e6xxx."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/108dc8741c203e9d6ce4e973367f1bac20c7192b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e1f2a4dd8d433eec393d09273a78a3d3551339cf",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}
Reference in New Issue View Git Blame Copy Permalink