Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com
☎ 03 60 47 09 81 - info@securiteinfo.com
In the Linux kernel, the following vulnerability has been resolved:net: seeq: Fix use after free vulnerability in ether3 Driver Due to Race ConditionIn the ether3_probe function, a timer is initialized with a callbackfunction ether3_ledoff, bound to &prev(dev)->timer. Once the timer isstarted, there is a risk of a race condition if the module or deviceis removed, triggering the ether3_remove function to perform cleanup.The sequence of operations that may lead to a UAF bug is as follows:CPU0 CPU1 | ether3_ledoffether3_remove | free_netdev(dev); | put_devic | kfree(dev); | | ether3_outw(priv(dev)->regs.config2 |= CFG2_CTRLO, REG_CONFIG2); | // use devFix it by ensuring that the timer is canceled before proceeding withthe cleanup in ether3_remove.
No PoCs from references.
- https://github.com/fkie-cad/nvd-json-data-feeds