| Description: | In the Linux kernel, the following vulnerability has been resolved:
aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts This
patch is against CVE-2023-6270. The description of cve is: A flaw was
found in the ATA over Ethernet (AoE) driver in the Linux kernel. The
aoecmd_cfg_pkts() function improperly updates the refcnt on `struct
net_device`, and a use-after-free can be triggered by racing between
the free on the struct and the access through the `skbtxq` global
queue. This could lead to a denial of service condition or potential
code execution. In aoecmd_cfg_pkts(), it always calls dev_put(ifp)
when skb initial code is finished. But the net_device ifp will still
be used in later tx()->dev_queue_xmit() in kthread. Which means that
the dev_put(ifp) should NOT be called in the success path of skb
initial code in aoecmd_cfg_pkts(). Otherwise tx() may run into use-
after-free because the net_device is freed. This patch removed the
dev_put(ifp) in the success path in aoecmd_cfg_pkts(), and added
dev_put() after skb xmit in tx().
|
