Overview
- Description
- In the Linux kernel, the following vulnerability has been resolved: aoe: fix the potential use-after-free problem in more places For fixing CVE-2023-6270, f98364e92662 ("aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts") makes tx() calling dev_put() instead of doing in aoecmd_cfg_pkts(). It avoids that the tx() runs into use-after-free. Then Nicolai Stange found more places in aoe have potential use-after-free problem with tx(). e.g. revalidate(), aoecmd_ata_rw(), resend(), probe() and aoecmd_cfg_rsp(). Those functions also use aoenet_xmit() to push packet to tx queue. So they should also use dev_hold() to increase the refcnt of skb->dev. On the other hand, moving dev_put() to tx() causes that the refcnt of skb->dev be reduced to a negative value, because corresponding dev_hold() are not called in revalidate(), aoecmd_ata_rw(), resend(), probe(), and aoecmd_cfg_rsp(). This patch fixed this issue.
- Source
- 416baaa9-dc9f-4396-8d5f-8c081fb06d67
- NVD status
- Modified
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 7.8
- Impact score
- 5.9
- Exploitability score
- 1.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
Weaknesses
- nvd@nist.gov
- CWE-416
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A8846BE7-5AEC-4A74-8E34-0FE8B1205194",
"versionEndExcluding": "5.10.227",
"versionStartIncluding": "5.10.214"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "41952CCA-3B42-425D-A5FF-DE2474EC8369",
"versionEndExcluding": "5.15.168",
"versionStartIncluding": "5.15.153"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "161F9759-367F-4944-B666-215896634DCA",
"versionEndExcluding": "6.1.113",
"versionStartIncluding": "6.1.83"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "45944AD8-B4B6-4255-83BA-8A6750FEE47B",
"versionEndExcluding": "6.6.55",
"versionStartIncluding": "6.6.23"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2DF20568-DF11-4303-9FA2-3DA7F6C84BD3",
"versionEndExcluding": "6.8.2",
"versionStartIncluding": "6.7.11"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "158EBA02-95B5-4E0A-85BC-1EAC91B085F6",
"versionEndExcluding": "6.10.14",
"versionStartIncluding": "6.9"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "54D9C704-D679-41A7-9C40-10A6B1E7FFE9",
"versionEndExcluding": "6.11.3",
"versionStartIncluding": "6.11"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:4.19.311:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "70FB9763-2A30-46A0-8FC0-C8152849C55A"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:5.4.273:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "517FA340-6242-490E-A71D-B855DEF4C620"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7F361E1D-580F-4A2D-A509-7615F73167A1"
}
],
"operator": "OR"
}
]
}
]