{"id":"AZL-78461","summary":"CVE-2026-22982 affecting package kernel for versions less than 5.15.200.1-1","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mscc: ocelot: Fix crash when adding interface under a lag\n\nCommit 15faa1f67ab4 (\"lan966x: Fix crash when adding interface under a lag\")\nfixed a similar issue in the lan966x driver caused by a NULL pointer dereference.\nThe ocelot_set_aggr_pgids() function in the ocelot driver has similar logic\nand is susceptible to the same crash.\n\nThis issue specifically affects the ocelot_vsc7514.c frontend, which leaves\nunused ports as NULL pointers. The felix_vsc9959.c frontend is unaffected as\nit uses the DSA framework which registers all ports.\n\nFix this by checking if the port pointer is valid before accessing it.","modified":"2026-04-01T05:23:15.099652Z","published":"2026-01-23T16:15:54Z","upstream":["CVE-2026-22982"],"references":[{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-22982"}],"affected":[{"package":{"name":"kernel","ecosystem":"Azure Linux:2","purl":"pkg:rpm/azure-linux/kernel"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.15.200.1-1"}]}],"database_specific":{"source":"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-78461.json"}}],"schema_version":"1.7.5"}