PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-22982 Linux CVE debrief

A Linux kernel vulnerability was resolved, affecting the ocelot driver. The vulnerability could cause a crash when adding an interface under a lag. This issue specifically affects the ocelot_vsc7514.c frontend, which leaves unused ports as NULL pointers. The felix_vsc9959.c frontend is unaffected as it uses the DSA framework which registers all ports. Linux kernel users and administrators should review their systems for potential exposure, focusing on ocelot driver usage and system log reviews for crash reports.

Vendor
Linux
Product
Unknown
CVSS
MEDIUM 5.5
CISA KEV
Not listed in stored evidence
Original CVE published
2026-01-23
Original CVE updated
2026-07-14
Advisory published
2026-01-23
Advisory updated
2026-07-14

Who should care

Linux kernel users and administrators who use the ocelot driver should review their systems for potential exposure. They should check if their systems use the ocelot driver and are affected by this vulnerability. Reviewing system logs for crash reports related to ocelot driver crashes is also recommended. Additionally, they should verify Linux kernel configurations for ocelot driver usage and perform vulnerability management reviews for affected systems.

Technical summary

The ocelot_set_aggr_pgids() function in the ocelot driver has similar logic to the lan966x driver and is susceptible to a crash caused by a NULL pointer dereference. This issue specifically affects the ocelot_vsc7514.c frontend, which leaves unused ports as NULL pointers. The fix involves checking if the port pointer is valid before accessing it. Additionally, the ocelot driver requires careful review of system logs for crash reports related to ocelot driver crashes when adding interfaces under a lag. Linux kernel users and administrators should review their systems for potential exposure, focusing on ocelot driver usage.

Defensive priority

Medium

Recommended defensive actions

  • Review Linux kernel versions for potential exposure
  • Apply patches from Linux kernel maintainers
  • Monitor system logs for crash reports
  • Verify Linux kernel configurations for ocelot driver usage
  • Check for ocelot_vsc7514.c frontend usage in the environment
  • Perform vulnerability management reviews for affected systems
  • Track exceptions and retest remediated assets

Evidence notes

The CVE record was published on 2026-01-23T16:15:54.223Z and has not been modified since then. The NVD entry is currently Modified. Evidence is limited to CVE and NVD details. Defenders should verify Linux kernel versions for potential exposure, review system logs for crash reports related to ocelot driver crashes, and check for ocelot_vsc7514.c frontend usage in the environment. Further verification tasks are needed due to limited source detail.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-01-23T16:15:54.223Z and has not been modified since then.