mirror of
https://github.com/torvalds/linux.git
synced 2024-09-20 23:13:00 +00:00
f98364e926
This patch is against CVE-2023-6270. The description of cve is:
A flaw was found in the ATA over Ethernet (AoE) driver in the Linux
kernel. The aoecmd_cfg_pkts() function improperly updates the refcnt on
`struct net_device`, and a use-after-free can be triggered by racing
between the free on the struct and the access through the `skbtxq`
global queue. This could lead to a denial of service condition or
potential code execution.
In aoecmd_cfg_pkts(), it always calls dev_put(ifp) when skb initial
code is finished. But the net_device ifp will still be used in
later tx()->dev_queue_xmit() in kthread. Which means that the
dev_put(ifp) should NOT be called in the success path of skb
initial code in aoecmd_cfg_pkts(). Otherwise tx() may run into
use-after-free because the net_device is freed.
This patch removed the dev_put(ifp) in the success path in
aoecmd_cfg_pkts(), and added dev_put() after skb xmit in tx().
Link: https://nvd.nist.gov/vuln/detail/CVE-2023-6270
Fixes:
|
||
|---|---|---|
| .. | ||
| aoe | ||
| drbd | ||
| mtip32xx | ||
| null_blk | ||
| rnbd | ||
| xen-blkback | ||
| zram | ||
| amiflop.c | ||
| ataflop.c | ||
| brd.c | ||
| floppy.c | ||
| Kconfig | ||
| loop.c | ||
| Makefile | ||
| n64cart.c | ||
| nbd.c | ||
| pktcdvd.c | ||
| ps3disk.c | ||
| ps3vram.c | ||
| rbd_types.h | ||
| rbd.c | ||
| sunvdc.c | ||
| swim_asm.S | ||
| swim.c | ||
| swim3.c | ||
| ublk_drv.c | ||
| virtio_blk.c | ||
| xen-blkfront.c | ||
| z2ram.c | ||