In the Linux kernel, the following vulnerability has been resolved:
net: mscc: ocelot: add missing lock protection in ocelot_port_xmit_inj()
ocelot_port_xmit_inj() calls ocelot_can_inject() and
ocelot_port_inject_frame() without holding the injection group lock.
Both functions contain lockdep_assert_held() for the injection lock,
and the correct caller felix_port_deferred_xmit() properly acquires
the lock using ocelot_lock_inj_grp() before calling these functions.
Add ocelot_lock_inj_grp()/ocelot_unlock_inj_grp() around the register
injection path to fix the missing lock protection. The FDMA path is not
affected as it uses its own locking mechanism.
net: mscc: ocelot: add missing lock protection in ocelot_port_xmit_inj()
ocelot_port_xmit_inj() calls ocelot_can_inject() and
ocelot_port_inject_frame() without holding the injection group lock.
Both functions contain lockdep_assert_held() for the injection lock,
and the correct caller felix_port_deferred_xmit() properly acquires
the lock using ocelot_lock_inj_grp() before calling these functions.
Add ocelot_lock_inj_grp()/ocelot_unlock_inj_grp() around the register
injection path to fix the missing lock protection. The FDMA path is not
affected as it uses its own locking mechanism.
Advisories
| Source | ID | Title |
|---|---|---|
Ubuntu USN |
USN-8492-1 | Linux kernel vulnerabilities |
Ubuntu USN |
USN-8492-2 | Linux kernel vulnerabilities |
Ubuntu USN |
USN-8497-1 | Linux kernel (Low Latency) vulnerabilities |
Ubuntu USN |
USN-8498-1 | Linux kernel (NVIDIA Tegra) vulnerabilities |
Ubuntu USN |
USN-8499-1 | Linux kernel (Xilinx) vulnerabilities |
Ubuntu USN |
USN-8492-3 | Linux kernel (Raspberry Pi Real-time) vulnerabilities |
Ubuntu USN |
USN-8492-4 | Linux kernel (Raspberry Pi) vulnerabilities |
Ubuntu USN |
USN-8492-5 | Linux kernel (FIPS) vulnerabilities |
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
Thu, 28 May 2026 15:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | CWE-362 CWE-367 |
Thu, 28 May 2026 12:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | CWE-414 | |
| References |
|
Wed, 27 May 2026 17:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | CWE-362 CWE-367 |
Wed, 27 May 2026 14:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | In the Linux kernel, the following vulnerability has been resolved: net: mscc: ocelot: add missing lock protection in ocelot_port_xmit_inj() ocelot_port_xmit_inj() calls ocelot_can_inject() and ocelot_port_inject_frame() without holding the injection group lock. Both functions contain lockdep_assert_held() for the injection lock, and the correct caller felix_port_deferred_xmit() properly acquires the lock using ocelot_lock_inj_grp() before calling these functions. Add ocelot_lock_inj_grp()/ocelot_unlock_inj_grp() around the register injection path to fix the missing lock protection. The FDMA path is not affected as it uses its own locking mechanism. | |
| Title | net: mscc: ocelot: add missing lock protection in ocelot_port_xmit_inj() | |
| First Time appeared |
Linux
Linux linux Kernel |
|
| CPEs | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | |
| Vendors & Products |
Linux
Linux linux Kernel |
|
| References |
|
|
Projects
Sign in to view the affected projects.
Status: PUBLISHED
Assigner: Linux
Published:
Updated: 2026-05-27T12:15:15.494Z
Reserved: 2026-05-13T15:03:33.078Z
Link: CVE-2026-45849
No data.
Status : Awaiting Analysis
Published: 2026-05-27T14:16:56.850
Modified: 2026-06-17T10:52:36.250
Link: CVE-2026-45849
OpenCVE Enrichment
Updated: 2026-05-28T17:45:22Z
Weaknesses
Ubuntu USN