CVE-2026-45849 - Vulnerability Details

- net: mscc: ocelot: add missing lock protection in ocelot_port_xmit_inj()

Description

In the Linux kernel, the following vulnerability has been resolved:

net: mscc: ocelot: add missing lock protection in ocelot_port_xmit_inj()

ocelot_port_xmit_inj() calls ocelot_can_inject() and
ocelot_port_inject_frame() without holding the injection group lock.
Both functions contain lockdep_assert_held() for the injection lock,
and the correct caller felix_port_deferred_xmit() properly acquires
the lock using ocelot_lock_inj_grp() before calling these functions.

Add ocelot_lock_inj_grp()/ocelot_unlock_inj_grp() around the register
injection path to fix the missing lock protection. The FDMA path is not
affected as it uses its own locking mechanism.

Published: 2026-05-27

Score: n/a

EPSS: n/a

KEV: No

Impact:

Action:

Analysis

Impact

The ocelot driver contained a race condition because the function that transmits injected frames did not hold the required injection group lock. This code path can corrupt kernel state or cause a crash when concurrent accesses occur, leading to a denial of service. The missing lock protection creates a scenario where attacker‑controlled driver interactions or crafted network traffic could trigger the race, potentially exposing the system to critical instability or exploitation if the attacker crafts input to corrupt memory.

Affected Systems

All Linux kernel releases that contain the ocelot network driver before the patch that introduces lock protection around the registration injection path are affected. The issue is tied to the ocelot driver implementation used in kernel versions prior to the inclusion of the missing lock fix.

Risk and Exploitability

No EPSS score is available, and the vulnerability is not listed in CISA's KEV catalog, indicating that widespread exploitation has not been observed. However, because the flaw involves a race condition in kernel space, the potential impact is severe when an attacker can influence network traffic directed to the affected driver. The likely attack vector is a local or remote attacker who can generate traffic processed by the ocelot driver to trigger the race, causing a kernel crash or data corruption.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`960ec92774e152b677ccd0006abcab7b9dd814c2`	affected	< 0b217a40156f497e09dd20d3f7baec40c785f386
`e83b49ecb569c9c5fa7cc30e55cf2c15f71f9f39`	affected	< cc1b179f778f98270bdbbb48d183b4b6427ae198
`c5e12ac3beb0dd3a718296b2d8af5528e9ab728e`	affected	< 7ac58d8832802ec89baa7539e13e6d58a88cce04
`c5e12ac3beb0dd3a718296b2d8af5528e9ab728e`	affected	< 51c32ae7fae14552d79f7139614b77c1bbd57a48
`c5e12ac3beb0dd3a718296b2d8af5528e9ab728e`	affected	< 63da961381e0d979459dede713001f8452364477
`c5e12ac3beb0dd3a718296b2d8af5528e9ab728e`	affected	< 026f6513c5880c2c89e38ad66bbec2868f978605
`609cd73bf38bbd48f1e695e01802114b01aa8811`	affected	—
`6.1.107`	affected	< 6.1.165
`6.6.48`	affected	< 6.6.128
`6.10.7`	affected	< 6.11

Linux

affected

Version	Status	Constraints
`6.11`	affected	—
`0`	unaffected	< 6.11
`6.1.165`	unaffected	≤ 6.1.*
`6.6.128`	unaffected	≤ 6.6.*
`6.12.75`	unaffected	≤ 6.12.*
`6.18.14`	unaffected	≤ 6.18.*
`6.19.4`	unaffected	≤ 6.19.*
`7.0`	unaffected	≤ *

No data.

Vendor Product Confidence Versions

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[960ec92774e152b677ccd0006abcab7b9dd814c2,0b217a40156f497e09dd20d3f7baec40c785f386)`	affected	code_commit	—
`[e83b49ecb569c9c5fa7cc30e55cf2c15f71f9f39,cc1b179f778f98270bdbbb48d183b4b6427ae198)`	affected	code_commit	—
`[c5e12ac3beb0dd3a718296b2d8af5528e9ab728e,7ac58d8832802ec89baa7539e13e6d58a88cce04)`	affected	code_commit	—
`[c5e12ac3beb0dd3a718296b2d8af5528e9ab728e,51c32ae7fae14552d79f7139614b77c1bbd57a48)`	affected	code_commit	—
`[c5e12ac3beb0dd3a718296b2d8af5528e9ab728e,63da961381e0d979459dede713001f8452364477)`	affected	code_commit	—
`[c5e12ac3beb0dd3a718296b2d8af5528e9ab728e,026f6513c5880c2c89e38ad66bbec2868f978605)`	affected	code_commit	—
`609cd73bf38bbd48f1e695e01802114b01aa8811`	affected	code_commit	—
`[6.1.107,6.1.165)`	affected	semver	—
`[6.6.48,6.6.128)`	affected	semver	—
`[6.10.7,6.11)`	affected	semver	—

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`6.11`	affected	semver	—
`[0,6.11)`	unaffected	semver	—
`[6.1.165,6.1.*]`	unaffected	generic	—
`[6.6.128,6.6.*]`	unaffected	generic	—
`[6.12.75,6.12.*]`	unaffected	generic	—
`[6.18.14,6.18.*]`	unaffected	generic	—
`[6.19.4,6.19.*]`	unaffected	generic	—
`[7.0,*]`	unaffected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Update the Linux kernel to a version that includes the patch adding lock protection in ocelot_port_xmit_inj()
If a kernel update is not immediately available, disable the ocelot driver or its injection functionality to reduce exposure until the patch is applied
Enable kernel lockdep during testing to detect any remaining locking issues in related code paths

Generated by OpenCVE AI on May 27, 2026 at 16:50 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/026f6513c5880c2c89e38ad66bbec2868f978605
https://git.kernel.org/stable/c/0b217a40156f497e09dd20d3f7baec40c785f386
https://git.kernel.org/stable/c/51c32ae7fae14552d79f7139614b77c1bbd57a48
https://git.kernel.org/stable/c/63da961381e0d979459dede713001f8452364477
https://git.kernel.org/stable/c/7ac58d8832802ec89baa7539e13e6d58a88cce04
https://git.kernel.org/stable/c/cc1b179f778f98270bdbbb48d183b4b6427ae198

History

Wed, 27 May 2026 17:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-362 CWE-367

Wed, 27 May 2026 14:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: net: mscc: ocelot: add missing lock protection in ocelot_port_xmit_inj() ocelot_port_xmit_inj() calls ocelot_can_inject() and ocelot_port_inject_frame() without holding the injection group lock. Both functions contain lockdep_assert_held() for the injection lock, and the correct caller felix_port_deferred_xmit() properly acquires the lock using ocelot_lock_inj_grp() before calling these functions. Add ocelot_lock_inj_grp()/ocelot_unlock_inj_grp() around the register injection path to fix the missing lock protection. The FDMA path is not affected as it uses its own locking mechanism.
Title		net: mscc: ocelot: add missing lock protection in ocelot_port_xmit_inj()
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/026f6513c5880c2c89e38ad66bbec2868f978605 https://git.kernel.org/stable/c/0b217a40156f497e09dd20d3f7baec40c785f386 https://git.kernel.org/stable/c/51c32ae7fae14552d79f7139614b77c1bbd57a48 https://git.kernel.org/stable/c/63da961381e0d979459dede713001f8452364477 https://git.kernel.org/stable/c/7ac58d8832802ec89baa7539e13e6d58a88cce04 https://git.kernel.org/stable/c/cc1b179f778f98270bdbbb48d183b4b6427ae198

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-05-27T12:15:15.494Z

Updated: 2026-05-27T12:15:15.494Z

Reserved: 2026-05-13T15:03:33.078Z

Link: CVE-2026-45849

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2026-05-27T14:16:56.850

Modified: 2026-05-27T14:48:31.480

Link: CVE-2026-45849

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-27T17:00:17Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object