UBUNTU-CVE-2026-45849

In the Linux kernel, the following vulnerability has been resolved: net: mscc: ocelot: add missing lock protection in ocelotportxmitinj ocelotportxmitinj calls ocelotcaninject and ocelotportinjectframe without holding the injection group lock. Both functions contain lockdepassertheld for the...

UBUNTU-CVE-2026-22982

In the Linux kernel, the following vulnerability has been resolved: net: mscc: ocelot: Fix crash when adding interface under a lag Commit 15faa1f67ab4 "lan966x: Fix crash when adding interface under a lag" fixed a similar issue in the lan966x driver caused by a NULL pointer dereference. The...

CVE-2026-22982

CVE-2026-22982 is a Linux kernel vulnerability in the net: mscc: ocelot driver. The issue causes a crash when adding an interface under a lag due to NULL pointer dereferences in the ocelot frontend (ocelot_vsc7514.c) where unused ports may be left as NULL. The fix updates the code to verify the p...

CVE-2025-40003

In the Linux kernel, the following vulnerability has been resolved: net: mscc: ocelot: Fix use-after-free caused by cyclic delayed work The origin code calls canceldelayedwork in ocelotstatsdeinit to cancel the cyclic delayed work item ocelot-statswork. However, canceldelayedwork may fail to canc...

DEBIAN-CVE-2025-40003

In the Linux kernel, the following vulnerability has been resolved: net: mscc: ocelot: Fix use-after-free caused by cyclic delayed work The origin code calls canceldelayedwork in ocelotstatsdeinit to cancel the cyclic delayed work item ocelot-statswork. However, canceldelayedwork may fail to canc...

CVE-2025-40003 net: mscc: ocelot: Fix use-after-free caused by cyclic delayed work

In the Linux kernel, the following vulnerability has been resolved: net: mscc: ocelot: Fix use-after-free caused by cyclic delayed work The origin code calls canceldelayedwork in ocelotstatsdeinit to cancel the cyclic delayed work item ocelot-statswork. However, canceldelayedwork may fail to canc...

CVE-2025-40003

In the Linux kernel, the following vulnerability has been resolved: net: mscc: ocelot: Fix use-after-free caused by cyclic delayed work The origin code calls canceldelayedwork in ocelotstatsdeinit to cancel the cyclic delayed work item ocelot-statswork. However, canceldelayedwork may fail to canc...

PT-2025-42708

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a use-after-free issue within the networking subsystem, specifically in the mscc ocelot component. The problem arises from a cyclic delayed work item where canc...

AZL-55437 CVE-2024-56717 affecting package kernel for versions less than 6.6.76.1-1

In the Linux kernel, the following vulnerability has been resolved: net: mscc: ocelot: fix incorrect IFH SRCPORT field in ocelotifhsetbasic Packets injected by the CPU should have a SRCPORT field equal to the CPU port module index in the Analyzer block ocelot-numphysports. The blamed commit copie...

CVE-2024-56717

In the Linux kernel, the following vulnerability has been resolved: net: mscc: ocelot: fix incorrect IFH SRCPORT field in ocelotifhsetbasic Packets injected by the CPU should have a SRCPORT field equal to the CPU port module index in the Analyzer block ocelot-numphysports. The blamed commit copie...

Unbreakable Enterprise kernel security update

5.4.17-2102.202.5 - sctp: delay autoasconf init until binding the first addr Xin Long Orabug: 32907967 CVE-2021-23133 CVE-2021-23133 - dm ioctl: fix out of bounds array access when no devices Mikulas Patocka Orabug: 32860491 CVE-2021-31916 - uek-rpm: update kABI lists for the new symbols Saeed...