
Cloud Vulnerability DB
A community-led vulnerabilities database
CVE-2022-49808 affects the Linux kernel: tagger-owned storage is leaked when a switch driver is unbound in the DSA (Distributed Switch Architecture) subsystem. The issue was discovered and reported on May 1, 2025 (NVD, Wiz).
The vulnerability is in the networking DSA subsystem, where tagger-owned storage is not freed when a switch driver is unbound. It traces back to the initial commit dc452a471dba, which introduced tagger-owned storage for private and shared data. At that time the tag_ops->disconnect(dst) call was issued from dsa_tree_free() at tree teardown. The connection process was later reworked to connect to individual switches within the tree, and that rework left the normal driver teardown code path without the corresponding cleanup (NVD, Red Hat).
The vulnerability results in a memory leak condition when unbinding switch drivers in the Linux kernel's DSA subsystem. This could potentially lead to resource exhaustion over time if the affected operations are performed repeatedly (Wiz).
The issue has been resolved by adding a function that does the opposite of dsa_switch_setup_tag_protocol() and calling it from the equivalent spot in dsa_switch_teardown(). The fix ensures proper cleanup sequence and prevents use-after-free conditions in tagging protocol operations (Wiz).
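The setup/teardown asymmetry described above, as a userspace model added for illustration; it is not kernel code and not taken from the fix. All model_* and tagger_* names, the 64-byte allocation and the `fixed` switch are assumptions made for the sketch.

```c
#include <stdio.h>
#include <stdlib.h>

static int live_allocs;                 /* outstanding tagger-owned allocations */

struct model_switch { void *tagger_data; };

/* Models a tagger's connect op: allocates storage owned by the tagger. */
static int tagger_connect(struct model_switch *ds)
{
    ds->tagger_data = calloc(1, 64);    /* size is arbitrary for the model */
    if (!ds->tagger_data)
        return -1;
    live_allocs++;
    return 0;
}

/* Models the tagger's disconnect op: the only place that storage is freed. */
static void tagger_disconnect(struct model_switch *ds)
{
    if (!ds->tagger_data)
        return;
    free(ds->tagger_data);
    ds->tagger_data = NULL;
    live_allocs--;
}

/* Stands in for dsa_switch_setup_tag_protocol(): connects the tagger. */
static int model_setup_tag_protocol(struct model_switch *ds) { return tagger_connect(ds); }

/* Stands in for dsa_switch_teardown(). fixed=0 models the path with no
 * disconnect call; fixed=1 models the path that undoes the setup step. */
static void model_switch_teardown(struct model_switch *ds, int fixed)
{
    if (fixed)
        tagger_disconnect(ds);
    /* the rest of driver teardown would follow here */
}

/* Bind and unbind `cycles` times; returns allocations never freed. */
int leaked_after_cycles(int cycles, int fixed)
{
    live_allocs = 0;
    for (int i = 0; i < cycles; i++) {
        struct model_switch ds = { 0 };
        if (model_setup_tag_protocol(&ds))
            break;
        model_switch_teardown(&ds, fixed);
    }
    return live_allocs;
}

int main(void)
{
    printf("leaked without disconnect: %d\n", leaked_after_cycles(100, 0));
    printf("leaked with disconnect:    %d\n", leaked_after_cycles(100, 1));
    return 0;
}
```

Each bind/unbind cycle without the disconnect call leaves one allocation behind, which is the repeated-operation growth the impact statement refers to.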
Source: This report was generated using AI