Description
In the Linux kernel, the following vulnerability has been resolved:

net: mscc: ocelot: Fix crash when adding interface under a lag

Commit 15faa1f67ab4 ("lan966x: Fix crash when adding interface under a lag")
fixed a similar issue in the lan966x driver caused by a NULL pointer dereference.
The ocelot_set_aggr_pgids() function in the ocelot driver has similar logic
and is susceptible to the same crash.

This issue specifically affects the ocelot_vsc7514.c frontend, which leaves
unused ports as NULL pointers. The felix_vsc9959.c frontend is unaffected as
it uses the DSA framework which registers all ports.

Fix this by checking if the port pointer is valid before accessing it.
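The pattern described above, as an added user-space C model (not the kernel driver's code): a fixed-size port table whose unused slots stay NULL, with the unguarded loop beside the guarded one. The struct, field and function names are hypothetical, and the sample port layout is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define NUM_PHYS_PORTS 8            /* constructed size for this model */

struct model_port { int bond_id; }; /* 0 = not in a LAG (hypothetical field) */
struct model_switch { struct model_port *ports[NUM_PHYS_PORTS]; };

/* Unguarded form: dereferences every slot, so a NULL (unused) port faults. */
uint32_t lag_mask_unguarded(const struct model_switch *sw, int bond_id)
{
    uint32_t mask = 0;
    for (int p = 0; p < NUM_PHYS_PORTS; p++)
        if (sw->ports[p]->bond_id == bond_id)   /* NULL deref on unused slot */
            mask |= 1u << p;
    return mask;
}

/* Guarded form: validate the port pointer before touching its fields. */
uint32_t lag_mask_guarded(const struct model_switch *sw, int bond_id)
{
    uint32_t mask = 0;
    for (int p = 0; p < NUM_PHYS_PORTS; p++) {
        const struct model_port *port = sw->ports[p];
        if (!port || port->bond_id != bond_id)  /* skip unused or foreign ports */
            continue;
        mask |= 1u << p;
    }
    return mask;
}

/* Constructed sample: ports 0, 1 and 4 registered, the rest left NULL. */
uint32_t demo_mask(int bond_id)
{
    static struct model_port p0 = { 1 }, p1 = { 1 }, p4 = { 0 };
    struct model_switch sw = { .ports = { [0] = &p0, [1] = &p1, [4] = &p4 } };
    return lag_mask_guarded(&sw, bond_id);
}

int main(void)
{
    printf("LAG 1 member mask: 0x%x\n", (unsigned)demo_mask(1));
    return 0;
}
```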
Published: 2026-01-23
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Patch Now
AI Analysis

Impact

The vulnerability is a NULL pointer dereference that occurs when adding a network interface under a link aggregation group in the ocelot driver. When the driver attempts to access an unused port that is represented as a NULL pointer, the kernel crashes, causing a system reboot or loss of connectivity, which is effectively a denial of service for the affected system. The weakness is classified as CWE‑476.

Affected Systems

Affected systems are Linux kernel installations that include the ocelot network driver, specifically the ocelot_vsc7514.c frontend. The vulnerability applies to all Linux kernel versions covered by the provided CPEs – including the 6.19 release candidates 1 through 4. The felix_vsc9959.c frontend, which employs the DSA framework and registers all ports, is not affected.

Risk and Exploitability

The official CVSS score is 5.5, indicating medium severity, and the EPSS score is below 1%, suggesting a low probability of exploitation at this time. The vulnerability is not listed in the CISA KEV catalog. Based on the description, the likely attack vector is a local privileged user who can configure network interfaces, as the crash is triggered when an interface is added under a lag. There are no known publicly available exploit tools at the time of analysis.

Generated by OpenCVE AI on April 18, 2026 at 18:55 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply a kernel update to a version that includes the fix to the ocelot driver.
  • If an update cannot be performed immediately, avoid adding or reconfiguring network interfaces under a link aggregation group that relies on the ocelot driver until a fix is available.
  • Reboot the system after removing any existing lag configuration that involves the ocelot driver to ensure no unstable kernel state remains until the patch is applied.



Advisories
Source | ID | Title
Debian DLA | DLA-4476-1 | linux-6.1 security update
Debian DSA | DSA-6126-1 | linux security update
Debian DSA | DSA-6127-1 | linux security update
Ubuntu USN | USN-8096-1 | Linux kernel vulnerabilities
Ubuntu USN | USN-8096-2 | Linux kernel (FIPS) vulnerabilities
Ubuntu USN | USN-8096-3 | Linux kernel vulnerabilities
Ubuntu USN | USN-8096-4 | Linux kernel (Real-time) vulnerabilities
Ubuntu USN | USN-8096-5 | Linux kernel (NVIDIA Tegra IGX) vulnerabilities
Ubuntu USN | USN-8116-1 | Linux kernel (Intel IoTG Real-time) vulnerabilities
Ubuntu USN | USN-8141-1 | Linux kernel (Raspberry Pi) vulnerabilities
Ubuntu USN | USN-8163-1 | Linux kernel (Azure FIPS) vulnerabilities
Ubuntu USN | USN-8163-2 | Linux kernel (Azure) vulnerabilities

History

Thu, 26 Feb 2026 19:00:00 +0000

Type | Values Removed | Values Added
Weaknesses | | CWE-476
CPEs | | cpe:2.3:o:linux:linux_kernel:6.19:rc1:*:*:*:*:*:*
CPEs | | cpe:2.3:o:linux:linux_kernel:6.19:rc2:*:*:*:*:*:*
CPEs | | cpe:2.3:o:linux:linux_kernel:6.19:rc3:*:*:*:*:*:*
CPEs | | cpe:2.3:o:linux:linux_kernel:6.19:rc4:*:*:*:*:*:*
Metrics | | cvssV3_1 {'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}


Sat, 24 Jan 2026 00:15:00 +0000


Fri, 23 Jan 2026 15:30:00 +0000

Type | Values Removed | Values Added
Description | | In the Linux kernel, the following vulnerability has been resolved: net: mscc: ocelot: Fix crash when adding interface under a lag Commit 15faa1f67ab4 ("lan966x: Fix crash when adding interface under a lag") fixed a similar issue in the lan966x driver caused by a NULL pointer dereference. The ocelot_set_aggr_pgids() function in the ocelot driver has similar logic and is susceptible to the same crash. This issue specifically affects the ocelot_vsc7514.c frontend, which leaves unused ports as NULL pointers. The felix_vsc9959.c frontend is unaffected as it uses the DSA framework which registers all ports. Fix this by checking if the port pointer is valid before accessing it.
Title | | net: mscc: ocelot: Fix crash when adding interface under a lag
First Time appeared | | Linux; Linux linux Kernel
CPEs | | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products | | Linux; Linux linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-02-09T08:36:32.363Z

Reserved: 2026-01-13T15:37:45.936Z

Link: CVE-2026-22982

Vulnrichment

No data.

NVD

Status: Analyzed

Published: 2026-01-23T16:15:54.223

Modified: 2026-02-26T18:48:27.273

Link: CVE-2026-22982

Redhat

Severity:

Public Date: 2026-01-23T00:00:00Z

Links: CVE-2026-22982 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-18T19:00:08Z

Weaknesses