Skip to main content

Linux Kernel EUVDEUVD-2026-32315

| CVE-2026-45849 MEDIUM
Improper Locking (CWE-667)
2026-05-27 416baaa9-dc9f-4396-8d5f-8c081fb06d67 GHSA-v32h-7447-3j7r
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
vuln.today AI
5.5 MEDIUM

Local access with low privileges required to trigger the driver race; impact is availability-only kernel crash with no confidentiality or integrity exposure.

3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
4.0 AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
SUSE
MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
Analysis Generated
Jun 25, 2026 - 21:12 vuln.today
CVSS changed
Jun 25, 2026 - 21:07 NVD
5.5 (MEDIUM)
Patch available
May 27, 2026 - 19:46 EUVD
CVE Published
May 27, 2026 - 14:16 nvd
MEDIUM 5.5
CVE Published
May 27, 2026 - 14:16 nvd
UNKNOWN (no severity yet)

DescriptionNVD

In the Linux kernel, the following vulnerability has been resolved:

net: mscc: ocelot: add missing lock protection in ocelot_port_xmit_inj()

ocelot_port_xmit_inj() calls ocelot_can_inject() and ocelot_port_inject_frame() without holding the injection group lock. Both functions contain lockdep_assert_held() for the injection lock, and the correct caller felix_port_deferred_xmit() properly acquires the lock using ocelot_lock_inj_grp() before calling these functions.

Add ocelot_lock_inj_grp()/ocelot_unlock_inj_grp() around the register injection path to fix the missing lock protection. The FDMA path is not affected as it uses its own locking mechanism.

AnalysisAI

Improper locking in the Linux kernel's Microsemi Ocelot network switch driver (net/mscc/ocelot) allows a local low-privileged user on hardware running Ocelot switch chips to trigger a race condition in ocelot_port_xmit_inj(), potentially causing a kernel panic or system crash. Affected stable branches span 6.1.107-6.1.164, 6.6.48-6.6.127, and 6.10.7 through 6.11 release candidates, with patches confirmed in 6.1.165, 6.6.128, 6.12.75, 6.18.14, 6.19.4, and 7.0. No public exploit identified at time of analysis; EPSS at 0.02% (7th percentile) reflects extremely low exploitation probability, consistent with the hardware-specific trigger requirement and local-only attack vector.

Technical ContextAI

The affected code resides in net/mscc/ocelot, the Linux kernel driver for Microsemi (MSCC) Ocelot Ethernet switch-on-chip devices, covering CPE cpe:2.3:o:linux:linux_kernel. The root cause is CWE-667 (Improper Locking): ocelot_port_xmit_inj() calls ocelot_can_inject() and ocelot_port_inject_frame() without first acquiring the injection group lock via ocelot_lock_inj_grp(). Both callees contain lockdep_assert_held() assertions for the injection lock, meaning the kernel's own lock dependency validator identifies this as a locking protocol violation at runtime. The sibling function felix_port_deferred_xmit() correctly wraps these same calls with the lock, making the inconsistency in ocelot_port_xmit_inj() clear from code review. The FDMA injection path is unaffected because it uses a separate locking mechanism. The fix adds ocelot_lock_inj_grp()/ocelot_unlock_inj_grp() around the register injection path in the vulnerable function.

RemediationAI

Update to a patched Linux kernel stable release: 6.1.165, 6.6.128, 6.12.75, 6.18.14, 6.19.4, or 7.0 depending on your distribution's supported branch. Distribution maintainers (Debian, Ubuntu, Red Hat, SUSE) should incorporate these upstream stable commits. Systems without Microsemi Ocelot hardware are entirely unaffected and require no action. If immediate patching is not feasible on affected Ocelot-equipped systems, restrict local shell access to trusted users only, since the attack vector is AV:L/PR:L - eliminating untrusted local accounts removes all practical attack surface. Disabling the mscc_ocelot kernel module (modprobe -r mscc_ocelot) would prevent the vulnerable code path from being reachable at the cost of losing Ocelot switch functionality. Upstream fix commits are available directly from git.kernel.org stable references listed above.

Vendor StatusVendor

SUSE

Severity: Moderate
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Not-Affected
SUSE Linux Enterprise Desktop 15 SP7 Not-Affected
SUSE Linux Enterprise High Availability Extension 15 SP7 Not-Affected
SUSE Linux Enterprise High Availability Extension 15 SP7 Not-Affected
SUSE Linux Enterprise High Performance Computing 15 SP7 Not-Affected

Share

EUVD-2026-32315 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy