{ "containers": { "cna": { "providerMetadata": { "orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038" }, "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\naoe: fix the potential use-after-free problem in aoecmd_cfg_pkts\n\nThis patch is against CVE-2023-6270. The description of cve is:\n\n A flaw was found in the ATA over Ethernet (AoE) driver in the Linux\n kernel. The aoecmd_cfg_pkts() function improperly updates the refcnt on\n `struct net_device`, and a use-after-free can be triggered by racing\n between the free on the struct and the access through the `skbtxq`\n global queue. This could lead to a denial of service condition or\n potential code execution.\n\nIn aoecmd_cfg_pkts(), it always calls dev_put(ifp) when skb initial\ncode is finished. But the net_device ifp will still be used in\nlater tx()->dev_queue_xmit() in kthread. Which means that the\ndev_put(ifp) should NOT be called in the success path of skb\ninitial code in aoecmd_cfg_pkts(). Otherwise tx() may run into\nuse-after-free because the net_device is freed.\n\nThis patch removed the dev_put(ifp) in the success path in\naoecmd_cfg_pkts(), and added dev_put() after skb xmit in tx()." } ], "affected": [ { "product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": [ "drivers/block/aoe/aoecmd.c", "drivers/block/aoe/aoenet.c" ], "versions": [ { "version": "7562f876cd93", "lessThan": "ad80c34944d7", "status": "affected", "versionType": "git" }, { "version": "7562f876cd93", "lessThan": "1a54aa506b3b", "status": "affected", "versionType": "git" }, { "version": "7562f876cd93", "lessThan": "faf0b4c5e00b", "status": "affected", "versionType": "git" }, { "version": "7562f876cd93", "lessThan": "7dd09fa80b07", "status": "affected", "versionType": "git" }, { "version": "7562f876cd93", "lessThan": "74ca3ef68d2f", "status": "affected", "versionType": "git" }, { "version": "7562f876cd93", "lessThan": "eb48680b0255", "status": "affected", "versionType": "git" }, { "version": "7562f876cd93", "lessThan": "079cba4f4e30", "status": "affected", "versionType": "git" }, { "version": "7562f876cd93", "lessThan": "a16fbb800646", "status": "affected", "versionType": "git" }, { "version": "7562f876cd93", "lessThan": "f98364e92662", "status": "affected", "versionType": "git" } ] }, { "product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": [ "drivers/block/aoe/aoecmd.c", "drivers/block/aoe/aoenet.c" ], "versions": [ { "version": "2.6.22", "status": "affected" }, { "version": "0", "lessThan": "2.6.22", "status": "unaffected", "versionType": "custom" }, { "version": "4.19.311", "lessThanOrEqual": "4.19.*", "status": "unaffected", "versionType": "custom" }, { "version": "5.4.273", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "custom" }, { "version": "5.10.214", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "custom" }, { "version": "5.15.153", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "custom" }, { "version": "6.1.83", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "custom" }, { "version": "6.6.23", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "custom" }, { "version": "6.7.11", "lessThanOrEqual": "6.7.*", "status": "unaffected", "versionType": "custom" }, { "version": "6.8.2", "lessThanOrEqual": "6.8.*", "status": "unaffected", "versionType": "custom" }, { "version": "6.9", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix" } ] } ], "references": [ { "url": "https://git.kernel.org/stable/c/ad80c34944d7175fa1f5c7a55066020002921a99" }, { "url": "https://git.kernel.org/stable/c/1a54aa506b3b2f31496731039e49778f54eee881" }, { "url": "https://git.kernel.org/stable/c/faf0b4c5e00bb680e8e43ac936df24d3f48c8e65" }, { "url": "https://git.kernel.org/stable/c/7dd09fa80b0765ce68bfae92f4e2f395ccf0fba4" }, { "url": "https://git.kernel.org/stable/c/74ca3ef68d2f449bc848c0a814cefc487bf755fa" }, { "url": "https://git.kernel.org/stable/c/eb48680b0255a9e8a9bdc93d6a55b11c31262e62" }, { "url": "https://git.kernel.org/stable/c/079cba4f4e307c69878226fdf5228c20aa1c969c" }, { "url": "https://git.kernel.org/stable/c/a16fbb80064634b254520a46395e36b87ca4731e" }, { "url": "https://git.kernel.org/stable/c/f98364e926626c678fb4b9004b75cacf92ff0662" } ], "title": "aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts", "x_generator": { "engine": "bippy-a5840b7849dd" } } }, "cveMetadata": { "assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038", "cveID": "CVE-2024-26898", "requesterUserId": "gregkh@kernel.org", "serial": "1", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.0" }