Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A vulnerability in the Linux kernel's networking component, in the mv88e6xxx switch driver of the DSA (Distributed Switch Architecture) layer, has been addressed. On certain hardware, deleting a bridge VLAN from a user port failed with an -ENOENT error. The problem was reported by Russell King and is linked to the mv88e6xxx_port_vlan_leave() function, which attempts to retrieve an MST (Multiple Spanning Tree) entry, fails to find one, and returns -ENOENT. The root cause is that the mv88e6xxx switch chip in question does not support MST, yet the deletion process incorrectly relies on uninitialized memory, which results in the error. The vulnerability affects specific implementations of the mv88e6xxx driver that do not properly handle VLAN deletions for chips lacking MST support.
The vulnerability could lead to incorrect handling of VLAN deletions, causing operations to fail unexpectedly with an -ENOENT error, which may disrupt network configurations and management.
To reproduce this issue, attempt to delete a bridge VLAN from a user port on a device using the mv88e6xxx switch driver, on a chip version that does not support MST. The operation fails with an -ENOENT error because the expected MST entry cannot be found.
The vulnerability has been fixed in the Linux kernel. Users should upgrade to the latest version where this issue has been addressed.
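The failure mode described above can be modeled in a few lines of C. This is an added example, not code from the kernel or the mv88e6xxx driver: every type and function name is hypothetical, the stale memory is simulated with a fixed fill byte, and the capability guard is one possible way to avoid the error rather than a statement of how the kernel fixed it.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical, simplified model; not the mv88e6xxx driver's real types. */
struct chip { bool has_mst; };              /* does the switch support MST? */
struct vtu_entry { uint16_t vid; uint8_t sid; };

/* Reads a VLAN entry. On chips without MST there is no SID to read back,
 * so e->sid is left untouched and keeps whatever the caller's memory held. */
static void vtu_get(const struct chip *c, uint16_t vid, struct vtu_entry *e)
{
    e->vid = vid;
    if (c->has_mst)
        e->sid = 0;                         /* constructed: VLAN on default SID */
}

/* Releases the MST entry for a SID. SID 0 is the default and needs no lookup.
 * Model assumption: on an MST-capable chip the entry is always found. */
static int mst_put(const struct chip *c, uint8_t sid)
{
    if (!sid)
        return 0;
    /* A chip without MST has no MST entries, so every lookup misses. */
    return c->has_mst ? 0 : -ENOENT;
}

/* Flawed flow: consults MST state even when the chip has none. */
int vlan_leave_flawed(const struct chip *c, uint16_t vid)
{
    struct vtu_entry e;
    memset(&e, 0xA5, sizeof(e));            /* stand-in for stale stack data */
    vtu_get(c, vid, &e);
    return mst_put(c, e.sid);               /* sid is garbage without MST */
}

/* Guarded flow: initialize the entry and skip MST work without MST support. */
int vlan_leave_guarded(const struct chip *c, uint16_t vid)
{
    struct vtu_entry e = { 0 };
    vtu_get(c, vid, &e);
    if (!c->has_mst)
        return 0;
    return mst_put(c, e.sid);
}
```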