Showing 1 - 4 of 4

CVE-2024-26898

Status Candidate

Overview

In the Linux kernel, the following vulnerability has been resolved: aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts This patch is against CVE-2023-6270. The description of cve is: A flaw was found in the ATA over Ethernet (AoE) driver in the Linux kernel. The aoecmd_cfg_pkts() function improperly updates the refcnt on `struct net_device`, and a use-after-free can be triggered by racing between the free on the struct and the access through the `skbtxq` global queue. This could lead to a denial of service condition or potential code execution. In aoecmd_cfg_pkts(), it always calls dev_put(ifp) when skb initial code is finished. But the net_device ifp will still be used in later tx()->dev_queue_xmit() in kthread. Which means that the dev_put(ifp) should NOT be called in the success path of skb initial code in aoecmd_cfg_pkts(). Otherwise tx() may run into use-after-free because the net_device is freed. This patch removed the dev_put(ifp) in the success path in aoecmd_cfg_pkts(), and added dev_put() after skb xmit in tx().

Related Files

Ubuntu Security Notice USN-6866-3: Posted Jul 11, 2024; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 6866-3 - It was discovered that the ext4 file system implementation in the Linux kernel did not properly validate data state on write operations. An attacker could use this to construct a malicious ext4 file system image that, when mounted, could cause a denial of service. It was discovered that the ATA over Ethernet driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code.; tags | advisory, denial of service, arbitrary, kernel; systems | linux, ubuntu; advisories | CVE-2021-33631, CVE-2021-47063, CVE-2022-0001, CVE-2023-6270, CVE-2024-2201, CVE-2024-23307, CVE-2024-24861, CVE-2024-26720, CVE-2024-26898; SHA-256 | cd531bd98e8b9bc6399b28fcdad6313e6b25ed3910dd56bf9af73db0843fc2b2; Download | Favorite | View

Ubuntu Security Notice USN-6866-2: Posted Jul 5, 2024; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 6866-2 - It was discovered that the ext4 file system implementation in the Linux kernel did not properly validate data state on write operations. An attacker could use this to construct a malicious ext4 file system image that, when mounted, could cause a denial of service. It was discovered that the ATA over Ethernet driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code.; tags | advisory, denial of service, arbitrary, kernel; systems | linux, ubuntu; advisories | CVE-2021-33631, CVE-2021-47063, CVE-2022-0001, CVE-2023-6270, CVE-2024-2201, CVE-2024-23307, CVE-2024-24861, CVE-2024-26720, CVE-2024-26898; SHA-256 | c2451c35c4f65c3753b0fcc6bbcbc31cf6e73e7ae847a31805b297f8c452e962; Download | Favorite | View

Ubuntu Security Notice USN-6866-1: Posted Jul 4, 2024; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 6866-1 - It was discovered that the ext4 file system implementation in the Linux kernel did not properly validate data state on write operations. An attacker could use this to construct a malicious ext4 file system image that, when mounted, could cause a denial of service. It was discovered that the ATA over Ethernet driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code.; tags | advisory, denial of service, arbitrary, kernel; systems | linux, ubuntu; advisories | CVE-2021-33631, CVE-2021-47063, CVE-2022-0001, CVE-2023-6270, CVE-2024-2201, CVE-2024-23307, CVE-2024-24861, CVE-2024-26720, CVE-2024-26898; SHA-256 | a65af3943392f41a1f25fbd47f49e95bd580bdcb4dd7f0b1758fd82d6b6b6921; Download | Favorite | View

Ubuntu Security Notice USN-6865-1: Posted Jul 4, 2024; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 6865-1 - It was discovered that the ext4 file system implementation in the Linux kernel did not properly validate data state on write operations. An attacker could use this to construct a malicious ext4 file system image that, when mounted, could cause a denial of service. It was discovered that the ATA over Ethernet driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code.; tags | advisory, denial of service, arbitrary, kernel; systems | linux, ubuntu; advisories | CVE-2021-33631, CVE-2022-0001, CVE-2023-6270, CVE-2024-2201, CVE-2024-23307, CVE-2024-24861, CVE-2024-26898; SHA-256 | 6364780b1fc74e18429c1df704b6975dccfb0ef136fec0a55ad4192decc3c852; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 253 files
Ubuntu 83 files
Gentoo 29 files
indoushka 26 files
Debian 10 files
Sina Kheirkhah 7 files
tmrswrr 7 files
Rodolfo Tavares 4 files
Google Security Research 2 files
S. Dietz 2 files

File Archives

Systems

AIX (429)
Apple (2,090)
BSD (377)
CentOS (58)
Cisco (1,927)
Debian (7,082)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,534)
HPUX (880)
iOS (376)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,527)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,402)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,689)
UNIX (9,431)
UnixWare (187)
Windows (6,667)
Other

CVE-2024-26898

Overview

Related Files

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems