CVE-2024-47747

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue is related to a use after free vulnerability in the ether3 driver due to a race condition. This vulnerability may allow an attacker to impact the confidentiality, integrity, and availability of protected information. The vulnerability occurs when a timer is initialized with a callback function ether3 ledoff in the ether3 probe function, and there is a risk of a race condition if the module or device is removed, triggering the ether3 remove function to perform cleanup.

Recommendations To resolve the issue, ensure that the timer is canceled before proceeding with the cleanup in the ether3 remove function. As a temporary workaround, consider disabling the ether3 ledoff function until a patch is available. Restrict access to the vulnerable ether3 driver to minimize the risk of exploitation. Update to a newer kernel version, such as 6.6.58, which fixes bugs and vulnerabilities.