Cyber Posture

CVE-2022-49234

High

Published: 26 February 2025
Modified: 22 September 2025
KEV Added:
Patch:
CVSS Score: 7.1 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H)
EPSS Score: 0.0006 (19.8th percentile)
Risk Priority: 14 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Description

In the Linux kernel, the following vulnerability has been resolved:

net: dsa: Avoid cross-chip syncing of VLAN filtering

Changes to VLAN filtering are not applicable to cross-chip notifications.

On a system like this:

    .-----.   .-----.   .-----.
    | sw1 +---+ sw2 +---+ sw3 |
    '-1-2-'   '-1-2-'   '-1-2-'

Before this change, upon sw1p1 leaving a bridge, a call to dsa_port_vlan_filtering would also be made to sw2p1 and sw3p1.

In this scenario:

    .---------.   .-----.   .-----.
    | sw1     +---+ sw2 +---+ sw3 |
    '-1-2-3-4-'   '-1-2-'   '-1-2-'

When sw1p4 would leave a bridge, dsa_port_vlan_filtering would be called for sw2 and sw3 with a non-existing port - leading to array out-of-bounds accesses and crashes on mv88e6xxx.

Security Summary

CVE-2022-49234 is a vulnerability in the Linux kernel's Distributed Switch Architecture (DSA) subsystem, specifically related to improper handling of VLAN filtering changes across multiple chained switches. The issue arises when changes to VLAN filtering on one switch trigger unnecessary cross-chip notifications to other switches, leading to calls on non-existent ports. This results in array out-of-bounds read accesses, particularly on mv88e6xxx switch chips, as classified under CWE-125. The vulnerability carries a CVSS v3.1 base score of 7.1 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H), indicating high impacts on confidentiality and availability.

A local attacker with low privileges can exploit this vulnerability by manipulating bridge configurations on DSA switch ports, such as removing a port from a bridge in a multi-switch topology. For example, in a setup with switches connected serially (e.g., sw1p2 to sw2p1, sw2p2 to sw3p1), removing sw1p1 from a bridge also triggers dsa_port_vlan_filtering calls on sw2p1 and sw3p1, and removing sw1p4 triggers those calls on sw2 and sw3 for a port number that does not exist on those switches. The latter causes out-of-bounds memory reads, potentially leading to kernel crashes and information disclosure from sensitive memory regions.

Mitigation involves applying the upstream kernel patches referenced in the stable commit history. Key fixes include commit 108dc8741c203e9d6ce4e973367f1bac20c7192b and e1f2a4dd8d433eec393d09273a78a3d3551339cf, which prevent cross-chip syncing of VLAN filtering changes by ensuring such operations are confined to the local switch. Security practitioners should update affected Linux kernels to versions incorporating these commits and verify configurations in multi-DSA-switch environments.
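The fan-out the description walks through, as an added example that is not the kernel's or the project's code: a small C model (all names hypothetical) of three chained switches in which a VLAN-filtering change either reaches every chip (the vulnerable cross-chip sync) or only the chip that owns the port (the fixed behaviour), counting the calls that would index a port the receiving chip does not have.

```c
#include <stdbool.h>
/* Added model of the bug class, not the kernel's code: three chained DSA
 * switches (sw1: four user ports, sw2/sw3: two each) and a notifier that
 * asks chips to change VLAN filtering on a port. Zero-based: sw1p4 is 3. */
#define MAX_PORTS 8
#define NUM_SWITCHES 3
struct model_switch {
    int index, num_ports;
    bool vlan_filtering[MAX_PORTS];
};
struct model_switch chain[NUM_SWITCHES];

/* Stands in for the driver's port_vlan_filtering op; instead of indexing
 * per-port state unconditionally it refuses a port the chip lacks (returns 0). */
static int model_port_vlan_filtering(struct model_switch *ds, int port, bool on)
{
    if (port < 0 || port >= ds->num_ports)
        return 0;
    ds->vlan_filtering[port] = on;
    return 1;
}

/* local_only == false models the vulnerable cross-chip fan-out (every chip
 * acts on the same port number); true models the fix (only the owning chip
 * acts). Returns the number of calls naming a port the chip does not have. */
static int sync_vlan_filtering(int sw_index, int port, bool on, bool local_only)
{
    int invalid = 0;
    for (int i = 0; i < NUM_SWITCHES; i++) {
        if (local_only && chain[i].index != sw_index)
            continue;
        if (!model_port_vlan_filtering(&chain[i], port, on))
            invalid++;
    }
    return invalid;
}

/* Fresh chain with filtering on everywhere, then "sw1 port <port> leaves its
 * bridge" (filtering off). Returns the invalid-call count; chain[] keeps state. */
int leave_bridge_on_sw1(int port, bool local_only)
{
    for (int i = 0; i < NUM_SWITCHES; i++) {
        chain[i].index = i;
        chain[i].num_ports = (i == 0) ? 4 : 2;
        for (int p = 0; p < MAX_PORTS; p++)
            chain[i].vlan_filtering[p] = true;
    }
    return sync_vlan_filtering(0, port, false, local_only);
}
```

With the fan-out in place, the sw1p1 case silently flips filtering on sw2p1 and sw3p1, and the sw1p4 case produces two calls for a port that sw2 and sw3 do not have; with local-only handling, neither happens.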

Details

CWE(s)
CWE-125

Affected Products

linux
linux kernel
5.2 — 5.17.2

References