CVE-2024-26898

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-26898

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-26898.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-26898

Downstream

BELL-CVE-2024-26898

DEBIAN-CVE-2024-26898

DLA-3840-1

DLA-3842-1

DSA-5681-1

OESA-2024-1535

OESA-2024-1541

OESA-2024-1618

OESA-2024-1619

OESA-2024-1620

OESA-2024-1621

SUSE-SU-2024:1641-1

SUSE-SU-2024:1642-1

SUSE-SU-2024:1643-1

SUSE-SU-2024:1644-1

SUSE-SU-2024:1645-1

SUSE-SU-2024:1646-1

SUSE-SU-2024:1647-1

SUSE-SU-2024:1650-1

SUSE-SU-2024:1659-1

SUSE-SU-2024:1663-1

SUSE-SU-2024:1669-1

SUSE-SU-2024:1870-1

SUSE-SU-2024:2135-1

SUSE-SU-2024:4038-1

Related

Published

2024-04-17T11:15:10Z

Modified

2025-08-09T20:01:27Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved:

aoe: fix the potential use-after-free problem in aoecmdcfgpkts

This patch is against CVE-2023-6270. The description of cve is:

A flaw was found in the ATA over Ethernet (AoE) driver in the Linux kernel. The aoecmdcfgpkts() function improperly updates the refcnt on struct net_device, and a use-after-free can be triggered by racing between the free on the struct and the access through the skbtxq global queue. This could lead to a denial of service condition or potential code execution.

In aoecmdcfgpkts(), it always calls devput(ifp) when skb initial code is finished. But the netdevice ifp will still be used in later tx()->devqueuexmit() in kthread. Which means that the devput(ifp) should NOT be called in the success path of skb initial code in aoecmdcfgpkts(). Otherwise tx() may run into use-after-free because the netdevice is freed.

This patch removed the devput(ifp) in the success path in aoecmdcfgpkts(), and added devput() after skb xmit in tx().

References

Affected packages