CVE-2024-27063
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
01/05/2024
Last modified:
18/09/2025
Description
In the Linux kernel, the following vulnerability has been resolved:

leds: trigger: netdev: Fix kernel panic on interface rename trig notify

Commit d5e01266e7f5 ("leds: trigger: netdev: add additional specific link
speed mode") in the various changes, reworked the way to set the LINKUP
mode in commit cee4bd16c319 ("leds: trigger: netdev: Recheck
NETDEV_LED_MODE_LINKUP on dev rename") and moved it to a generic function.

This changed the logic where, in the previous implementation, the dev
from the trigger event was used to check if the carrier was ok, but in
the new implementation with the generic function, the dev in
trigger_data is used instead.

This is problematic and causes a possible kernel panic due to the fact
that the dev in the trigger_data still references the old one as the
new one (passed from the trigger event) still has to be held and saved
in the trigger_data struct (done in the NETDEV_REGISTER case).

On calling of get_device_state(), an invalid net_dev is used and this
causes a kernel panic.

To handle this correctly, move the call to get_device_state() after the
new net_dev is correctly set in trigger_data (in the NETDEV_REGISTER
case) and correctly parse the new dev.
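The ordering problem described above, as an added userspace model (not kernel code and not taken from the patch). `struct net_dev`, `struct trigger_data`, the `notify_*` functions, `run_scenario()` and the `LINK_*` values are hypothetical stand-ins; refcounting is omitted and the model reports the invalid access as a value instead of crashing.

```c
#include <stdbool.h>
#include <stdio.h>

/* Userspace model: every type and name here is a hypothetical stand-in. */
struct net_dev { const char *name; bool registered; bool carrier_ok; };
struct trigger_data { struct net_dev *net_dev; int link_state; };
enum event { EV_REGISTER, EV_CHANGENAME };
enum { LINK_INVALID_DEV = -1, LINK_DOWN = 0, LINK_UP = 1 };

/* Stand-in for get_device_state(); the validity guard exists only in this model. */
static void get_device_state(struct trigger_data *td)
{
    if (td->net_dev == NULL || !td->net_dev->registered)
        td->link_state = LINK_INVALID_DEV;
    else
        td->link_state = td->net_dev->carrier_ok ? LINK_UP : LINK_DOWN;
}

/* Faulty order: state is read while trigger_data still holds the old dev. */
static int notify_before_fix(struct trigger_data *td, struct net_dev *dev, enum event evt)
{
    if (evt == EV_CHANGENAME)
        get_device_state(td);
    td->net_dev = dev;          /* new dev saved too late (refcounting omitted) */
    return td->link_state;
}

/* Fixed order: save the new dev first, then read its state on a rename. */
static int notify_after_fix(struct trigger_data *td, struct net_dev *dev, enum event evt)
{
    td->net_dev = dev;
    if (evt == EV_CHANGENAME)
        get_device_state(td);
    return td->link_state;
}

/* Constructed scenario: the saved dev is no longer valid, a rename event arrives. */
static int run_scenario(bool fixed)
{
    struct net_dev old_dev = { "old0", false, false };
    struct net_dev new_dev = { "new0", true, true };
    struct trigger_data td = { &old_dev, LINK_DOWN };
    return (fixed ? notify_after_fix : notify_before_fix)(&td, &new_dev, EV_CHANGENAME);
}

int main(void)
{
    printf("before fix: %d\nafter fix: %d\n", run_scenario(false), run_scenario(true));
    return 0;
}
```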
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.5 (including) | 6.6.24 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.7 (including) | 6.7.12 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.8 (including) | 6.8.3 (excluding) |
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/10f2af1af8ab8a7064f193446abd5579d3def7e3
- https://git.kernel.org/stable/c/3f360227cb46edb2cd2494128e1e06ed5768a62e
- https://git.kernel.org/stable/c/415798bc07dd1c1ae3a656aa026580816e0b9fe8
- https://git.kernel.org/stable/c/acd025c7a7d151261533016a6ca2d38f2de04e87



