CVE-2024-49982

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2024-49982
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-49982.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-49982
Downstream
Related
Published
2024-10-21T18:02:27.820Z
Modified
2026-03-11T07:53:23.071679139Z
Summary
aoe: fix the potential use-after-free problem in more places
Details

In the Linux kernel, the following vulnerability has been resolved:

aoe: fix the potential use-after-free problem in more places

For fixing CVE-2023-6270, f98364e92662 ("aoe: fix the potential use-after-free problem in aoecmdcfgpkts") makes tx() calling devput() instead of doing in aoecmdcfg_pkts(). It avoids that the tx() runs into use-after-free.

Then Nicolai Stange found more places in aoe have potential use-after-free problem with tx(). e.g. revalidate(), aoecmdatarw(), resend(), probe() and aoecmdcfgrsp(). Those functions also use aoenetxmit() to push packet to tx queue. So they should also use devhold() to increase the refcnt of skb->dev.

On the other hand, moving devput() to tx() causes that the refcnt of skb->dev be reduced to a negative value, because corresponding devhold() are not called in revalidate(), aoecmdatarw(), resend(), probe(), and aoecmdcfgrsp(). This patch fixed this issue.

Database specific 
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/49xxx/CVE-2024-49982.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
ad80c34944d7175fa1f5c7a55066020002921a99
Fixed
12f7b89dd72b25da4eeaa22097877963cad6418e
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
1a54aa506b3b2f31496731039e49778f54eee881
Fixed
a786265aecf39015418e4f930cc1c14603a01490
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
faf0b4c5e00bb680e8e43ac936df24d3f48c8e65
Fixed
f63461af2c1a86af4217910e47a5c46e3372e645
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
7dd09fa80b0765ce68bfae92f4e2f395ccf0fba4
Fixed
07b418d50ccbbca7e5d87a3a0d41d436cefebf79
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
74ca3ef68d2f449bc848c0a814cefc487bf755fa
Fixed
bc2cbf7525ac288e07d465f5a1d8cb8fb9599254
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
eb48680b0255a9e8a9bdc93d6a55b11c31262e62
Fixed
acc5103a0a8c200a52af7d732c36a8477436a3d3
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
f98364e926626c678fb4b9004b75cacf92ff0662
Fixed
89d9a69ae0c667e4d9d028028e2dcc837bae626f
Fixed
8253a60c89ec35c8f36fb2cc08cdf854c7a3eb58
Fixed
6d6e54fc71ad1ab0a87047fd9c211e75d86084a3
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
079cba4f4e307c69878226fdf5228c20aa1c969c
Last affected
a16fbb80064634b254520a46395e36b87ca4731e

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-49982.json"