### [CVE-2024-49982](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-49982)
![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=079cba4f4e307c69878226fdf5228c20aa1c969c%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=1a54aa506b3b2f31496731039e49778f54eee881%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=6.9%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=74ca3ef68d2f449bc848c0a814cefc487bf755fa%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=7dd09fa80b0765ce68bfae92f4e2f395ccf0fba4%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=a16fbb80064634b254520a46395e36b87ca4731e%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=ad80c34944d7175fa1f5c7a55066020002921a99%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=eb48680b0255a9e8a9bdc93d6a55b11c31262e62%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=f98364e926626c678fb4b9004b75cacf92ff0662%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=faf0b4c5e00bb680e8e43ac936df24d3f48c8e65%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=blue)

### Description

In the Linux kernel, the following vulnerability has been resolved:aoe: fix the potential use-after-free problem in more placesFor fixing CVE-2023-6270, f98364e92662 ("aoe: fix the potentialuse-after-free problem in aoecmd_cfg_pkts") makes tx() calling dev_put()instead of doing in aoecmd_cfg_pkts(). It avoids that the tx() runsinto use-after-free.Then Nicolai Stange found more places in aoe have potential use-after-freeproblem with tx(). e.g. revalidate(), aoecmd_ata_rw(), resend(), probe()and aoecmd_cfg_rsp(). Those functions also use aoenet_xmit() to pushpacket to tx queue. So they should also use dev_hold() to increase therefcnt of skb->dev.On the other hand, moving dev_put() to tx() causes that the refcnt ofskb->dev be reduced to a negative value, because correspondingdev_hold() are not called in revalidate(), aoecmd_ata_rw(), resend(),probe(), and aoecmd_cfg_rsp(). This patch fixed this issue.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/w4zu/Debian_security