CVE-2024-26898

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A flaw was found in the ATA over Ethernet (AoE) driver in the Linux kernel. The aoecmd cfg pkts() function improperly updates the refcnt on struct net device, and a use-after-free can be triggered by racing between the free on the struct and the access through the skbtxq global queue. This could lead to a denial of service condition or potential code execution. In aoecmd cfg pkts(), it always calls dev put(ifp) when skb initial code is finished. But the net device ifp will still be used in later tx()->dev queue xmit() in kthread. Which means that the dev put(ifp) should NOT be called in the success path of skb initial code in aoecmd cfg pkts(). Otherwise tx() may run into use-after-free because the net device is freed. This patch removed the dev put(ifp) in the success path in aoecmd cfg pkts(), and added dev put() after skb xmit in tx().

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.