CVE-2026-45849
Awaiting Analysis Awaiting Analysis - Queue
Race Condition in Linux Kernel Ocelot Network Switch

Publication date: 2026-05-27

Last updated on: 2026-05-27

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: net: mscc: ocelot: add missing lock protection in ocelot_port_xmit_inj() ocelot_port_xmit_inj() calls ocelot_can_inject() and ocelot_port_inject_frame() without holding the injection group lock. Both functions contain lockdep_assert_held() for the injection lock, and the correct caller felix_port_deferred_xmit() properly acquires the lock using ocelot_lock_inj_grp() before calling these functions. Add ocelot_lock_inj_grp()/ocelot_unlock_inj_grp() around the register injection path to fix the missing lock protection. The FDMA path is not affected as it uses its own locking mechanism.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-27
Last Modified
2026-05-27
Generated
2026-06-16
AI Q&A
2026-05-27
EPSS Evaluated
2026-06-15
NVD
CVE-2026-45849
EUVD
EUVD-2026-32315
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
mscc ocelot *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Impact Analysis

This vulnerability involves missing lock protection in the Linux kernel's mscc ocelot driver during certain function calls related to packet injection. Without proper locking, there could be race conditions or data corruption when multiple threads access the injection group concurrently. This could potentially lead to instability or unexpected behavior in network packet transmission on affected systems.

Executive Summary

This vulnerability exists in the Linux kernel's mscc ocelot driver, specifically in the function ocelot_port_xmit_inj(). The issue is that this function calls ocelot_can_inject() and ocelot_port_inject_frame() without holding the required injection group lock. Both of these functions expect the injection lock to be held, as indicated by their lockdep_assert_held() checks.

The correct behavior, as seen in the caller felix_port_deferred_xmit(), is to acquire the injection lock using ocelot_lock_inj_grp() before calling these functions. The vulnerability was fixed by adding the missing lock acquisition and release (ocelot_lock_inj_grp()/ocelot_unlock_inj_grp()) around the register injection path. The FDMA path is unaffected because it uses a different locking mechanism.

Mitigation Strategies

To mitigate this vulnerability, ensure that your Linux kernel is updated to a version where the missing lock protection in ocelot_port_xmit_inj() has been fixed.

Specifically, the fix involves adding ocelot_lock_inj_grp()/ocelot_unlock_inj_grp() calls around the register injection path to properly protect the injection group lock.

Since the FDMA path is not affected, focus on applying the patch or update that addresses the locking issue in the ocelot driver.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-45849. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart