What is GHSA-v32h-7447-3j7r?

GHSA-v32h-7447-3j7r is a security advisory published by GitHub Security Advisories with unknown severity. In the Linux kernel, the following vulnerability has been resolved: net: mscc: ocelot: add...

Which CVE IDs does GHSA-v32h-7447-3j7r cover?

GHSA-v32h-7447-3j7r covers the following CVE IDs: CVE-2026-45849. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

GHSA-v32h-7447-3j7runknown

In the Linux kernel, the following vulnerability has been resolved: net: mscc: ocelot: add...

Vendor

GitHub Security Advisories

Published

May 27, 2026

Last Modified

May 27, 2026

🔗 CVE IDs covered (1)

CVE-2026-45849 →

📋 Description

In the Linux kernel, the following vulnerability has been resolved:

net: mscc: ocelot: add missing lock protection in ocelot_port_xmit_inj()

ocelot_port_xmit_inj() calls ocelot_can_inject() and ocelot_port_inject_frame() without holding the injection group lock. Both functions contain lockdep_assert_held() for the injection lock, and the correct caller felix_port_deferred_xmit() properly acquires the lock using ocelot_lock_inj_grp() before calling these functions.

Add ocelot_lock_inj_grp()/ocelot_unlock_inj_grp() around the register injection path to fix the missing lock protection. The FDMA path is not affected as it uses its own locking mechanism.

🔗 References (8)

https://nvd.nist.gov/vuln/detail/CVE-2026-45849
https://git.kernel.org/stable/c/026f6513c5880c2c89e38ad66bbec2868f978605
https://git.kernel.org/stable/c/0b217a40156f497e09dd20d3f7baec40c785f386
https://git.kernel.org/stable/c/51c32ae7fae14552d79f7139614b77c1bbd57a48
https://git.kernel.org/stable/c/63da961381e0d979459dede713001f8452364477
https://git.kernel.org/stable/c/7ac58d8832802ec89baa7539e13e6d58a88cce04
https://git.kernel.org/stable/c/cc1b179f778f98270bdbbb48d183b4b6427ae198
https://github.com/advisories/GHSA-v32h-7447-3j7r