

CVE-2024-49982

Description

In the Linux kernel, the following vulnerability has been resolved:

aoe: fix the potential use-after-free problem in more places

For fixing CVE-2023-6270, f98364e92662 ("aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts") makes tx() calling dev_put() instead of doing in aoecmd_cfg_pkts(). It avoids that the tx() runs into use-after-free.

Then Nicolai Stange found more places in aoe have potential use-after-free problem with tx(). e.g. revalidate(), aoecmd_ata_rw(), resend(), probe() and aoecmd_cfg_rsp(). Those functions also use aoenet_xmit() to push packet to tx queue. So they should also use dev_hold() to increase the refcnt of skb->dev.

On the other hand, moving dev_put() to tx() causes that the refcnt of skb->dev be reduced to a negative value, because corresponding dev_hold() are not called in revalidate(), aoecmd_ata_rw(), resend(), probe(), and aoecmd_cfg_rsp(). This patch fixed this issue.

POC

Reference

No PoCs from references.

Github

- https://github.com/w4zu/Debian_security