Erez Geva

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to a use-after-free error during reset in the igb driver. This occurs when the `next to watch` descriptor is not properly cleaned while cleaning the TX ring, leading to invalid memory accesses. If `igb poll()` runs while the controller is reset, it can cause the driver to attempt to free a `skb` that was already freed. The crash is harder to reproduce with the igb driver, but the same potential problem exists as the code is identical to igc. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel version 5.10.30-rt37-tsn1-rt-ipipe **Description** The vulnerability is a use-after-free error that occurs during the reset of the igc driver. This error can cause the driver to attempt to free a socket buffer (skb) that has already been freed, leading to invalid memory accesses. The issue arises when the `igc poll()` function runs while the controller is being reset, and the `next to watch` descriptor is not properly cleaned. **Recommendations** To resolve this issue, update the Linux kernel to a version that includes the fix for this vulnerability. Specifically, ensure that the `igc` driver is updated to properly clean the `next to watch` descriptor during the reset process. At the moment, there is no information about a newer version that contains a fix for this vulnerability.