CVE-2022-49195

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> net: dsa: fix panic on shutdown if multi-chip tree failed to probe<br /> <br /> DSA probing is atypical because a tree of devices must probe all at<br /> once, so out of N switches which call dsa_tree_setup_routing_table()<br /> during probe, for (N - 1) of them, "complete" will return false and they<br /> will exit probing early. The Nth switch will set up the whole tree on<br /> their behalf.<br /> <br /> The implication is that for (N - 1) switches, the driver binds to the<br /> device successfully, without doing anything. When the driver is bound,<br /> the -&gt;shutdown() method may run. But if the Nth switch has failed to<br /> initialize the tree, there is nothing to do for the (N - 1) driver<br /> instances, since the slave devices have not been created, etc. Moreover,<br /> dsa_switch_shutdown() expects that the calling @ds has been in fact<br /> initialized, so it jumps at dereferencing the various data structures,<br /> which is incorrect.<br /> <br /> Avoid the ensuing NULL pointer dereferences by simply checking whether<br /> the Nth switch has previously set "ds-&gt;setup = true" for the switch<br /> which is currently shutting down. The entire setup is serialized under<br /> dsa2_mutex which we already hold.