CVE-2022-49234
Severity CVSS v4.0: Pending analysis
Type: CWE-125 Out-of-bounds Read
Publication date: 26/02/2025
Last modified: 22/09/2025
Description
In the Linux kernel, the following vulnerability has been resolved:

net: dsa: Avoid cross-chip syncing of VLAN filtering

Changes to VLAN filtering are not applicable to cross-chip
notifications.

On a system like this:

```
.-----.   .-----.   .-----.
| sw1 +---+ sw2 +---+ sw3 |
'-1-2-'   '-1-2-'   '-1-2-'
```

Before this change, upon sw1p1 leaving a bridge, a call to
dsa_port_vlan_filtering would also be made to sw2p1 and sw3p1.

In this scenario:

```
.---------.   .-----.   .-----.
| sw1     +---+ sw2 +---+ sw3 |
'-1-2-3-4-'   '-1-2-'   '-1-2-'
```

When sw1p4 would leave a bridge, dsa_port_vlan_filtering would be
called for sw2 and sw3 with a non-existing port - leading to array
out-of-bounds accesses and crashes on mv88e6xxx.
Impact
Base Score 3.x: 7.10
Severity 3.x: HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.2 (including) | 5.17.2 (excluding) |