CVE-2024-42108
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-42108
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-42108.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2024-42108
- Downstream
- Published
- 2024-07-30T07:46:03Z
- Modified
- 2025-10-17T09:24:31.588351Z
- Summary
- net: rswitch: Avoid use-after-free in rswitch_poll()
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
net: rswitch: Avoid use-after-free in rswitch_poll()
The use-after-free is actually in rswitchtxfree(), which is inlined in rswitchpoll(). Since
skbandgq->skbs[gq->dirty]are in fact the same pointer, the skb is first freed using devkfreeskbany(), then the value in skb->len is used to update the interface statistics.Let's move around the instructions to use skb->len before the skb is freed.
This bug is trivial to reproduce using KFENCE. It will trigger a splat every few packets. A simple ARP request or ICMP echo request is enough.
- References
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced0aeec4bb6a9fc963932bf3c929bdf27d835d44e9Fixed4a41bb9f2b402469d425a1c13359d3b3ea4e6403
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced271e015b91535dd87fd0f5df0cc3b906c2eddef9Fixed92cbbe7759193e3418f38d0d73f8fe125312c58b
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced271e015b91535dd87fd0f5df0cc3b906c2eddef9Fixed9a0c28efeec6383ef22e97437616b920e7320b67
Affected versions
v6.*
v6.10-rc1
v6.10-rc2
v6.10-rc3
v6.10-rc4
v6.10-rc5
v6.7
v6.7-rc5
v6.7-rc6
v6.7-rc7
v6.7-rc8
v6.8
v6.8-rc1
v6.8-rc2
v6.8-rc3
v6.8-rc4
v6.8-rc5
v6.8-rc6
v6.8-rc7
v6.9
v6.9-rc1
v6.9-rc2
v6.9-rc3
v6.9-rc4
v6.9-rc5
v6.9-rc6
v6.9-rc7
v6.9.1
v6.9.2
v6.9.3
v6.9.4
v6.9.5
v6.9.6
v6.9.7
v6.9.8