CVE-2024-50276

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> net: vertexcom: mse102x: Fix possible double free of TX skb<br /> <br /> The scope of the TX skb is wider than just mse102x_tx_frame_spi(),<br /> so in case the TX skb room needs to be expanded, we should free the<br /> the temporary skb instead of the original skb. Otherwise the original<br /> TX skb pointer would be freed again in mse102x_tx_work(), which leads<br /> to crashes:<br /> <br /> Internal error: Oops: 0000000096000004 [#2] PREEMPT SMP<br /> CPU: 0 PID: 712 Comm: kworker/0:1 Tainted: G D 6.6.23<br /> Hardware name: chargebyte Charge SOM DC-ONE (DT)<br /> Workqueue: events mse102x_tx_work [mse102x]<br /> pstate: 20400009 (nzCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)<br /> pc : skb_release_data+0xb8/0x1d8<br /> lr : skb_release_data+0x1ac/0x1d8<br /> sp : ffff8000819a3cc0<br /> x29: ffff8000819a3cc0 x28: ffff0000046daa60 x27: ffff0000057f2dc0<br /> x26: ffff000005386c00 x25: 0000000000000002 x24: 00000000ffffffff<br /> x23: 0000000000000000 x22: 0000000000000001 x21: ffff0000057f2e50<br /> x20: 0000000000000006 x19: 0000000000000000 x18: ffff00003fdacfcc<br /> x17: e69ad452d0c49def x16: 84a005feff870102 x15: 0000000000000000<br /> x14: 000000000000024a x13: 0000000000000002 x12: 0000000000000000<br /> x11: 0000000000000400 x10: 0000000000000930 x9 : ffff00003fd913e8<br /> x8 : fffffc00001bc008<br /> x7 : 0000000000000000 x6 : 0000000000000008<br /> x5 : ffff00003fd91340 x4 : 0000000000000000 x3 : 0000000000000009<br /> x2 : 00000000fffffffe x1 : 0000000000000000 x0 : 0000000000000000<br /> Call trace:<br /> skb_release_data+0xb8/0x1d8<br /> kfree_skb_reason+0x48/0xb0<br /> mse102x_tx_work+0x164/0x35c [mse102x]<br /> process_one_work+0x138/0x260<br /> worker_thread+0x32c/0x438<br /> kthread+0x118/0x11c<br /> ret_from_fork+0x10/0x20<br /> Code: aa1303e0 97fffab6 72001c1f 54000141 (f9400660)