Executive Summary

Informations
Name CVE-2024-26898 First vendor Publication 2024-04-17
Vendor Cve Last vendor Modification 2024-04-29

Security-Database Scoring CVSS v3

Cvss vector : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Overall CVSS Score 7.8
Base Score 7.8 Environmental Score 7.8
impact SubScore 5.9 Temporal Score 7.8
Exploitabality Sub Score 1.8
 
Attack Vector Local Attack Complexity Low
Privileges Required Low User Interaction None
Scope Unchanged Confidentiality Impact High
Integrity Impact High Availability Impact High
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base Score N/A Attack Range N/A
Cvss Impact Score N/A Attack Complexity N/A
Cvss Expoit Score N/A Authentication N/A
Calculate full CVSS 2.0 Vectors scores

Detail

In the Linux kernel, the following vulnerability has been resolved:

aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts

This patch is against CVE-2023-6270. The description of cve is:

A flaw was found in the ATA over Ethernet (AoE) driver in the Linux
kernel. The aoecmd_cfg_pkts() function improperly updates the refcnt on
`struct net_device`, and a use-after-free can be triggered by racing
between the free on the struct and the access through the `skbtxq`
global queue. This could lead to a denial of service condition or
potential code execution.

In aoecmd_cfg_pkts(), it always calls dev_put(ifp) when skb initial code is finished. But the net_device ifp will still be used in later tx()->dev_queue_xmit() in kthread. Which means that the dev_put(ifp) should NOT be called in the success path of skb initial code in aoecmd_cfg_pkts(). Otherwise tx() may run into use-after-free because the net_device is freed.

This patch removed the dev_put(ifp) in the success path in aoecmd_cfg_pkts(), and added dev_put() after skb xmit in tx().

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26898

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-416 Use After Free

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 8
Os 3562

Sources (Detail)

https://git.kernel.org/stable/c/079cba4f4e307c69878226fdf5228c20aa1c969c
https://git.kernel.org/stable/c/1a54aa506b3b2f31496731039e49778f54eee881
https://git.kernel.org/stable/c/74ca3ef68d2f449bc848c0a814cefc487bf755fa
https://git.kernel.org/stable/c/7dd09fa80b0765ce68bfae92f4e2f395ccf0fba4
https://git.kernel.org/stable/c/a16fbb80064634b254520a46395e36b87ca4731e
https://git.kernel.org/stable/c/ad80c34944d7175fa1f5c7a55066020002921a99
https://git.kernel.org/stable/c/eb48680b0255a9e8a9bdc93d6a55b11c31262e62
https://git.kernel.org/stable/c/f98364e926626c678fb4b9004b75cacf92ff0662
https://git.kernel.org/stable/c/faf0b4c5e00bb680e8e43ac936df24d3f48c8e65
Source Url

Alert History

If you want to see full details history, please login or register.
0
1
Date Informations
2024-04-30 00:27:44
  • Multiple Updates
2024-04-17 17:28:31
  • First insertion