CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
9.9%
In the Linux kernel, the following vulnerability has been resolved: aoe:
fix the potential use-after-free problem in aoecmd_cfg_pkts This patch is
against CVE-2023-6270. The description of cve is: A flaw was found in the
ATA over Ethernet (AoE) driver in the Linux kernel. The aoecmd_cfg_pkts()
function improperly updates the refcnt on struct net_device
, and a
use-after-free can be triggered by racing between the free on the struct
and the access through the skbtxq
global queue. This could lead to a
denial of service condition or potential code execution. In
aoecmd_cfg_pkts(), it always calls dev_put(ifp) when skb initial code is
finished. But the net_device ifp will still be used in later
tx()->dev_queue_xmit() in kthread. Which means that the dev_put(ifp) should
NOT be called in the success path of skb initial code in aoecmd_cfg_pkts().
Otherwise tx() may run into use-after-free because the net_device is freed.
This patch removed the dev_put(ifp) in the success path in
aoecmd_cfg_pkts(), and added dev_put() after skb xmit in tx().
Author | Note |
---|---|
rodrigo-zaiden | duplicate of CVE-2023-6270. |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | linux | < 4.15.0-226.238 | UNKNOWN |
ubuntu | 20.04 | noarch | linux | < 5.4.0-189.209 | UNKNOWN |
ubuntu | 22.04 | noarch | linux | < 5.15.0-112.122 | UNKNOWN |
ubuntu | 23.10 | noarch | linux | < 6.5.0-44.44 | UNKNOWN |
ubuntu | 24.04 | noarch | linux | < 6.8.0-35.35 | UNKNOWN |
ubuntu | 16.04 | noarch | linux | < 4.4.0-256.290 | UNKNOWN |
ubuntu | 18.04 | noarch | linux-aws | < 4.15.0-1169.182 | UNKNOWN |
ubuntu | 20.04 | noarch | linux-aws | < 5.4.0-1128.138 | UNKNOWN |
ubuntu | 22.04 | noarch | linux-aws | < 5.15.0-1063.69 | UNKNOWN |
ubuntu | 24.04 | noarch | linux-aws | < 6.8.0-1009.9 | UNKNOWN |
git.kernel.org/linus/f98364e926626c678fb4b9004b75cacf92ff0662 (6.9-rc1)
git.kernel.org/stable/c/079cba4f4e307c69878226fdf5228c20aa1c969c
git.kernel.org/stable/c/1a54aa506b3b2f31496731039e49778f54eee881
git.kernel.org/stable/c/74ca3ef68d2f449bc848c0a814cefc487bf755fa
git.kernel.org/stable/c/7dd09fa80b0765ce68bfae92f4e2f395ccf0fba4
git.kernel.org/stable/c/a16fbb80064634b254520a46395e36b87ca4731e
git.kernel.org/stable/c/ad80c34944d7175fa1f5c7a55066020002921a99
git.kernel.org/stable/c/eb48680b0255a9e8a9bdc93d6a55b11c31262e62
git.kernel.org/stable/c/f98364e926626c678fb4b9004b75cacf92ff0662
git.kernel.org/stable/c/faf0b4c5e00bb680e8e43ac936df24d3f48c8e65
launchpad.net/bugs/cve/CVE-2024-26898
nvd.nist.gov/vuln/detail/CVE-2024-26898
security-tracker.debian.org/tracker/CVE-2024-26898
ubuntu.com/security/notices/USN-6816-1
ubuntu.com/security/notices/USN-6817-1
ubuntu.com/security/notices/USN-6817-2
ubuntu.com/security/notices/USN-6817-3
ubuntu.com/security/notices/USN-6820-1
ubuntu.com/security/notices/USN-6820-2
ubuntu.com/security/notices/USN-6821-1
ubuntu.com/security/notices/USN-6821-2
ubuntu.com/security/notices/USN-6821-3
ubuntu.com/security/notices/USN-6821-4
ubuntu.com/security/notices/USN-6828-1
ubuntu.com/security/notices/USN-6865-1
ubuntu.com/security/notices/USN-6866-1
ubuntu.com/security/notices/USN-6866-2
ubuntu.com/security/notices/USN-6866-3
ubuntu.com/security/notices/USN-6871-1
ubuntu.com/security/notices/USN-6878-1
ubuntu.com/security/notices/USN-6892-1
ubuntu.com/security/notices/USN-6895-1
ubuntu.com/security/notices/USN-6895-2
ubuntu.com/security/notices/USN-6895-3
ubuntu.com/security/notices/USN-6896-1
ubuntu.com/security/notices/USN-6896-2
ubuntu.com/security/notices/USN-6896-3
ubuntu.com/security/notices/USN-6896-4
ubuntu.com/security/notices/USN-6896-5
ubuntu.com/security/notices/USN-6900-1
ubuntu.com/security/notices/USN-6919-1
www.cve.org/CVERecord?id=CVE-2024-26898