CVE-2024-42108

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue is related to a use-after-free vulnerability in the rswitch tx free() function, which is inlined in rswitch poll(). This occurs because skb and gq->skbs[gq->dirty] are the same pointer. The skb is first freed using dev kfree skb any(), and then the value in skb->len is used to update interface statistics. This bug can be easily reproduced using KFENCE and will trigger a splat every few packets, with a simple ARP request or ICMP echo request being enough to exploit it.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.