Linux Kernel NULL Pointer Dereference Vulnerability in MSCC Ocelot Driver

A vulnerability has been identified in the Linux kernel's MSCC Ocelot driver, specifically in the ocelot_vsc7514.c frontend. This issue arises from a NULL pointer dereference when adding an interface under a Link Aggregation Group (LAG). The problem occurs because unused ports are left as NULL pointers, leading to a crash. The ocelot_set_aggr_pgids() function contains logic that can trigger this crash, similar to a previously resolved issue in the lan966x driver. In contrast, the felix_vsc9959.c frontend is not affected, as it utilizes the DSA framework to register all ports.

Impact

Exploitation of this vulnerability causes a system crash due to a NULL pointer dereference, disrupting normal operations and potentially leading to a denial of service.

Reproduction

To reproduce this vulnerability, add an interface under a Link Aggregation Group (LAG) while using the ocelot_vsc7514.c frontend. The process will trigger a system crash due to a NULL pointer dereference, as the frontend leaves unused ports as NULL pointers.

Remediation

The vulnerability has been addressed by modifying the ocelot_set_aggr_pgids() function to check the validity of port pointers before accessing them. Users should apply the latest patches available in the Linux kernel stable tree to mitigate this issue.