PatchSiren cyber security CVE debrief
CVE-2026-22982 Linux CVE debrief
A Linux kernel vulnerability was resolved, affecting the ocelot driver. The vulnerability could cause a crash when adding an interface under a lag. This issue specifically affects the ocelot_vsc7514.c frontend, which leaves unused ports as NULL pointers. The felix_vsc9959.c frontend is unaffected as it uses the DSA framework which registers all ports. Linux kernel users and administrators should review their systems for potential exposure, focusing on ocelot driver usage and system log reviews for crash reports.
- Vendor
- Linux
- Product
- Unknown
- CVSS
- MEDIUM 5.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-01-23
- Original CVE updated
- 2026-07-14
- Advisory published
- 2026-01-23
- Advisory updated
- 2026-07-14
Who should care
Linux kernel users and administrators who use the ocelot driver should review their systems for potential exposure. They should check if their systems use the ocelot driver and are affected by this vulnerability. Reviewing system logs for crash reports related to ocelot driver crashes is also recommended. Additionally, they should verify Linux kernel configurations for ocelot driver usage and perform vulnerability management reviews for affected systems.
Technical summary
The ocelot_set_aggr_pgids() function in the ocelot driver has similar logic to the lan966x driver and is susceptible to a crash caused by a NULL pointer dereference. This issue specifically affects the ocelot_vsc7514.c frontend, which leaves unused ports as NULL pointers. The fix involves checking if the port pointer is valid before accessing it. Additionally, the ocelot driver requires careful review of system logs for crash reports related to ocelot driver crashes when adding interfaces under a lag. Linux kernel users and administrators should review their systems for potential exposure, focusing on ocelot driver usage.
Defensive priority
Medium
Recommended defensive actions
- Review Linux kernel versions for potential exposure
- Apply patches from Linux kernel maintainers
- Monitor system logs for crash reports
- Verify Linux kernel configurations for ocelot driver usage
- Check for ocelot_vsc7514.c frontend usage in the environment
- Perform vulnerability management reviews for affected systems
- Track exceptions and retest remediated assets
Evidence notes
The CVE record was published on 2026-01-23T16:15:54.223Z and has not been modified since then. The NVD entry is currently Modified. Evidence is limited to CVE and NVD details. Defenders should verify Linux kernel versions for potential exposure, review system logs for crash reports related to ocelot driver crashes, and check for ocelot_vsc7514.c frontend usage in the environment. Further verification tasks are needed due to limited source detail.
Official resources
-
CVE-2026-22982 CVE record
CVE.org
-
CVE-2026-22982 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67 - Patch
-
Mitigation or vendor reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67 - Patch
-
Mitigation or vendor reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67 - Patch
-
Mitigation or vendor reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67 - Patch
-
Mitigation or vendor reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67 - Patch
-
Mitigation or vendor reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67 - Patch
-
Source reference
0b142b55-0307-4c5a-b3c9-f314f3fb7c5e
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-01-23T16:15:54.223Z and has not been modified since then.