CVE-2024-47747

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> net: seeq: Fix use after free vulnerability in ether3 Driver Due to Race Condition<br /> <br /> In the ether3_probe function, a timer is initialized with a callback<br /> function ether3_ledoff, bound to &amp;prev(dev)-&gt;timer. Once the timer is<br /> started, there is a risk of a race condition if the module or device<br /> is removed, triggering the ether3_remove function to perform cleanup.<br /> The sequence of operations that may lead to a UAF bug is as follows:<br /> <br /> CPU0 CPU1<br /> <br /> | ether3_ledoff<br /> ether3_remove |<br /> free_netdev(dev); |<br /> put_devic |<br /> kfree(dev); |<br /> | ether3_outw(priv(dev)-&gt;regs.config2 |= CFG2_CTRLO, REG_CONFIG2);<br /> | // use dev<br /> <br /> Fix it by ensuring that the timer is canceled before proceeding with<br /> the cleanup in ether3_remove.