CVE-2024-50059

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue is related to a use after free vulnerability in the switchtec ntb remove() function due to a race condition. This vulnerability may allow an attacker to impact the confidentiality, integrity, and availability of protected information. The vulnerability occurs when the switchtec ntb add function calls switchtec ntb init sndev, which binds &sndev->check link status work with check link status work. If the module is removed, switchtec ntb remove is called, freeing sndev through kfree(sndev), while the aforementioned work is still being used. The sequence of operations that may lead to a UAF bug involves concurrent execution of check link status work and switchtec ntb remove. To fix this, it is necessary to ensure that the work is canceled before proceeding with the cleanup in switchtec ntb remove.

Recommendations To resolve the issue, ensure that the work is canceled before proceeding with the cleanup in switchtec ntb remove. As a temporary workaround, consider disabling the check link status work function until a patch is available. Restrict access to the vulnerable module to minimize the risk of exploitation. Avoid using the sndev variable in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.