CVE-2026-45849
MEDIUMnet: mscc: ocelot: add missing lock protection in ocelot_port_xmit_inj()
Title source: cnaDescription
In the Linux kernel, the following vulnerability has been resolved: net: mscc: ocelot: add missing lock protection in ocelot_port_xmit_inj() ocelot_port_xmit_inj() calls ocelot_can_inject() and ocelot_port_inject_frame() without holding the injection group lock. Both functions contain lockdep_assert_held() for the injection lock, and the correct caller felix_port_deferred_xmit() properly acquires the lock using ocelot_lock_inj_grp() before calling these functions. Add ocelot_lock_inj_grp()/ocelot_unlock_inj_grp() around the register injection path to fix the missing lock protection. The FDMA path is not affected as it uses its own locking mechanism.
References (6)
Core 6
Core References
Scores
CVSS v3
5.5
EPSS
0.0014
EPSS Percentile
3.4%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-667
Status
published
Products (25)
linux/Kernel
< 6.1.165linux
linux/Kernel
6.11.0 - 6.18.14linux
linux/Kernel
6.13.0 - 6.19.4linux
linux/Kernel
6.2.0 - 6.6.128linux
linux/Kernel
6.7.0 - 6.12.75linux
Linux/Linux
< 6.11
Linux/Linux
6.1.107 - 6.1.165
Linux/Linux
6.1.165 - 6.1.*
Linux/Linux
6.10.7 - 6.11
Linux/Linux
6.11
... and 15 more
Published
May 27, 2026
Tracked Since
May 27, 2026