CVE-2026-45849

MEDIUM

net: mscc: ocelot: add missing lock protection in ocelot_port_xmit_inj()

Title source: cna
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: net: mscc: ocelot: add missing lock protection in ocelot_port_xmit_inj() ocelot_port_xmit_inj() calls ocelot_can_inject() and ocelot_port_inject_frame() without holding the injection group lock. Both functions contain lockdep_assert_held() for the injection lock, and the correct caller felix_port_deferred_xmit() properly acquires the lock using ocelot_lock_inj_grp() before calling these functions. Add ocelot_lock_inj_grp()/ocelot_unlock_inj_grp() around the register injection path to fix the missing lock protection. The FDMA path is not affected as it uses its own locking mechanism.

Scores

CVSS v3 5.5
EPSS 0.0014
EPSS Percentile 3.4%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-667
Status published
Products (25)
linux/Kernel < 6.1.165linux
linux/Kernel 6.11.0 - 6.18.14linux
linux/Kernel 6.13.0 - 6.19.4linux
linux/Kernel 6.2.0 - 6.6.128linux
linux/Kernel 6.7.0 - 6.12.75linux
Linux/Linux < 6.11
Linux/Linux 6.1.107 - 6.1.165
Linux/Linux 6.1.165 - 6.1.*
Linux/Linux 6.10.7 - 6.11
Linux/Linux 6.11
... and 15 more
Published May 27, 2026
Tracked Since May 27, 2026