CVE-2024-49982: aoe: fix the potential use-after-free problem in more places
First published: Mon Oct 21 2024(Updated: )
In the Linux kernel, the following vulnerability has been resolved: aoe: fix the potential use-after-free problem in more places For fixing CVE-2023-6270, f98364e92662 ("aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts") makes tx() calling dev_put() instead of doing in aoecmd_cfg_pkts(). It avoids that the tx() runs into use-after-free. Then Nicolai Stange found more places in aoe have potential use-after-free problem with tx(). e.g. revalidate(), aoecmd_ata_rw(), resend(), probe() and aoecmd_cfg_rsp(). Those functions also use aoenet_xmit() to push packet to tx queue. So they should also use dev_hold() to increase the refcnt of skb->dev. On the other hand, moving dev_put() to tx() causes that the refcnt of skb->dev be reduced to a negative value, because corresponding dev_hold() are not called in revalidate(), aoecmd_ata_rw(), resend(), probe(), and aoecmd_cfg_rsp(). This patch fixed this issue.
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Linux kernel | >=5.10.214<5.10.227 | |
| Linux Linux kernel | >=5.15.153<5.15.168 | |
| Linux Linux kernel | >=6.1.83<6.1.113 | |
| Linux Linux kernel | >=6.6.23<6.6.55 | |
| Linux Linux kernel | >=6.7.11<6.8.2 | |
| Linux Linux kernel | >=6.9<6.10.14 | |
| Linux Linux kernel | >=6.11<6.11.3 | |
| Linux Linux kernel | =4.19.311 | |
| Linux Linux kernel | =5.4.273 | |
| Linux Linux kernel | =6.12-rc1 | |
| debian/linux | <=5.10.223-1<=5.10.226-1 | 6.1.115-1 6.1.119-1 6.11.10-1 6.12.5-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://git.kernel.org/stable/c/07b418d50ccbbca7e5d87a3a0d41d436cefebf79
- https://git.kernel.org/stable/c/12f7b89dd72b25da4eeaa22097877963cad6418e
- https://git.kernel.org/stable/c/6d6e54fc71ad1ab0a87047fd9c211e75d86084a3
- https://git.kernel.org/stable/c/8253a60c89ec35c8f36fb2cc08cdf854c7a3eb58
- https://git.kernel.org/stable/c/89d9a69ae0c667e4d9d028028e2dcc837bae626f
- https://git.kernel.org/stable/c/a786265aecf39015418e4f930cc1c14603a01490
- https://git.kernel.org/stable/c/acc5103a0a8c200a52af7d732c36a8477436a3d3
- https://git.kernel.org/stable/c/bc2cbf7525ac288e07d465f5a1d8cb8fb9599254
- https://git.kernel.org/stable/c/f63461af2c1a86af4217910e47a5c46e3372e645
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-49982
- https://nvd.nist.gov/vuln/detail/CVE-2024-49982
- https://launchpad.net/bugs/cve/CVE-2024-49982
- https://security-tracker.debian.org/tracker/CVE-2024-49982
- https://ubuntu.com/security/CVE-2024-49982
- https://git.kernel.org/linus/6d6e54fc71ad1ab0a87047fd9c211e75d86084a3
- agent/title
- agent/type
- agent/first-publish-date
- agent/remedy
- agent/severity
- agent/weakness
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- collector/usn-cve
- source/Ubuntu
- agent/references
- collector/security-tracker-debian
- source/Debian
- agent/author
- agent/description
- agent/event
- collector/nvd-cve
- agent/softwarecombine
- agent/tags
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/trending
- vendor/linux
- canonical/linux linux kernel
- version/linux linux kernel/5.10.214
- version/linux linux kernel/5.15.153
- version/linux linux kernel/6.1.83
- version/linux linux kernel/6.6.23
- version/linux linux kernel/6.7.11
- version/linux linux kernel/6.9
- version/linux linux kernel/6.11
- version/linux linux kernel/4.19.311
- version/linux linux kernel/5.4.273
- version/linux linux kernel/6.12-rc1
- package-manager/debian