First published: Sat Mar 02 2024(Updated: )
In the Linux kernel, the following vulnerability has been resolved: ravb: Fix use-after-free issue in ravb_tx_timeout_work() The ravb_stop() should call cancel_work_sync(). Otherwise, ravb_tx_timeout_work() is possible to use the freed priv after ravb_remove() was called like below: CPU0 CPU1 ravb_tx_timeout() ravb_remove() unregister_netdev() free_netdev(ndev) // free priv ravb_tx_timeout_work() // use priv unregister_netdev() will call .ndo_stop() so that ravb_stop() is called. And, after phy_stop() is called, netif_carrier_off() is also called. So that .ndo_tx_timeout() will not be called after phy_stop().
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Affected Software | Affected Version | How to fix |
---|---|---|
Linux Linux kernel | >=4.2<5.4.259 | |
Linux Linux kernel | >=5.5<5.10.199 | |
Linux Linux kernel | >=5.11<5.15.136 | |
Linux Linux kernel | >=5.16<6.1.59 | |
Linux Linux kernel | >=6.2<6.5.8 | |
Linux Linux kernel | =6.6-rc1 | |
Linux Linux kernel | =6.6-rc2 | |
Linux Linux kernel | =6.6-rc3 | |
Linux Linux kernel | =6.6-rc4 | |
Linux Linux kernel | =6.6-rc5 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.