CVE-2024-26898

CVE Details

Release Date:

2024-04-17

Description

In the Linux kernel, the following vulnerability has been resolved:\naoe: fix the potential use-after-free problem in aoecmd_cfg_pkts\nThis patch is against CVE-2023-6270. The description of cve is:\nA flaw was found in the ATA over Ethernet (AoE) driver in the Linux\nkernel. The aoecmd_cfg_pkts() function improperly updates the refcnt on\n`struct net_device`, and a use-after-free can be triggered by racing\nbetween the free on the struct and the access through the `skbtxq`\nglobal queue. This could lead to a denial of service condition or\npotential code execution.\nIn aoecmd_cfg_pkts(), it always calls dev_put(ifp) when skb initial\ncode is finished. But the net_device ifp will still be used in\nlater tx()->dev_queue_xmit() in kthread. Which means that the\ndev_put(ifp) should NOT be called in the success path of skb\ninitial code in aoecmd_cfg_pkts(). Otherwise tx() may run into\nuse-after-free because the net_device is freed.\nThis patch removed the dev_put(ifp) in the success path in\naoecmd_cfg_pkts(), and added dev_put() after skb xmit in tx().

See more information about CVE-2024-26898 from MITRE CVE dictionary and NIST NVD

NOTE: The following CVSS metrics and score provided are preliminary and subject to review.

CVSS v3 metrics

Base Score:	4.4
Vector String:	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Version:	3.1
Attack Vector:	Local
Attack Complexity:	Low
Privileges Required:	High
User Interaction:	None
Scope:	Unchanged
Confidentiality:	None
Integrity:	None
Availability:	High

Errata information

Platform	Errata	Release Date
Oracle Linux version 6 (kernel-uek)	ELSA-2024-12851	2024-11-27
Oracle Linux version 7 (kernel-uek)	ELSA-2024-12851	2024-11-27
Oracle VM version 3 (kernel-uek)	OVMSA-2024-0016	2024-12-03