Description

In the Linux kernel, the following vulnerability has been resolved: aoe: fix the potential use-after-free problem in more places For fixing CVE-2023-6270, f98364e92662 ("aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts") makes tx() calling dev_put() instead of doing in aoecmd_cfg_pkts(). It avoids that the tx() runs into use-after-free. Then Nicolai Stange found more places in aoe have potential use-after-free problem with tx(). e.g. revalidate(), aoecmd_ata_rw(), resend(), probe() and aoecmd_cfg_rsp(). Those functions also use aoenet_xmit() to push packet to tx queue. So they should also use dev_hold() to increase the refcnt of skb->dev. On the other hand, moving dev_put() to tx() causes that the refcnt of skb->dev be reduced to a negative value, because corresponding dev_hold() are not called in revalidate(), aoecmd_ata_rw(), resend(), probe(), and aoecmd_cfg_rsp(). This patch fixed this issue.

INFO

Published Date :

2024-10-21T18:02:27.820Z

Last Modified :

2025-11-03T22:24:03.908Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2024-49982 vulnerability.

Vendors Products
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-49982.

URL Resource
https://git.kernel.org/stable/c/07b418d50ccbbca7e5d87a3a0d41d436cefebf79 cve-icon cve-icon
https://git.kernel.org/stable/c/12f7b89dd72b25da4eeaa22097877963cad6418e cve-icon cve-icon
https://git.kernel.org/stable/c/6d6e54fc71ad1ab0a87047fd9c211e75d86084a3 cve-icon cve-icon
https://git.kernel.org/stable/c/8253a60c89ec35c8f36fb2cc08cdf854c7a3eb58 cve-icon cve-icon
https://git.kernel.org/stable/c/89d9a69ae0c667e4d9d028028e2dcc837bae626f cve-icon cve-icon
https://git.kernel.org/stable/c/a786265aecf39015418e4f930cc1c14603a01490 cve-icon cve-icon
https://git.kernel.org/stable/c/acc5103a0a8c200a52af7d732c36a8477436a3d3 cve-icon cve-icon
https://git.kernel.org/stable/c/bc2cbf7525ac288e07d465f5a1d8cb8fb9599254 cve-icon cve-icon
https://git.kernel.org/stable/c/f63461af2c1a86af4217910e47a5c46e3372e645 cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html cve-icon
https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html cve-icon
https://lore.kernel.org/linux-cve-announce/2024102136-CVE-2024-49982-c6b7@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2024-49982 cve-icon
https://www.cve.org/CVERecord?id=CVE-2024-49982 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact