CVE-2024-26898

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts<br /> <br /> This patch is against CVE-2023-6270. The description of cve is:<br /> <br /> A flaw was found in the ATA over Ethernet (AoE) driver in the Linux<br /> kernel. The aoecmd_cfg_pkts() function improperly updates the refcnt on<br /> `struct net_device`, and a use-after-free can be triggered by racing<br /> between the free on the struct and the access through the `skbtxq`<br /> global queue. This could lead to a denial of service condition or<br /> potential code execution.<br /> <br /> In aoecmd_cfg_pkts(), it always calls dev_put(ifp) when skb initial<br /> code is finished. But the net_device ifp will still be used in<br /> later tx()-&gt;dev_queue_xmit() in kthread. Which means that the<br /> dev_put(ifp) should NOT be called in the success path of skb<br /> initial code in aoecmd_cfg_pkts(). Otherwise tx() may run into<br /> use-after-free because the net_device is freed.<br /> <br /> This patch removed the dev_put(ifp) in the success path in<br /> aoecmd_cfg_pkts(), and added dev_put() after skb xmit in tx().