admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 09:11:28 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2024/CVE-2024-268xx/CVE-2024-26898.json
cad-safe-bot 18d9db605c Auto-Update: 2024-08-01T14:00:22.673916+00:00
2024-08-01 14:03:18 +00:00

225 lines
8.9 KiB
JSON
Raw Blame History

{
"id": "CVE-2024-26898",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-04-17T11:15:10.820",
"lastModified": "2024-08-01T13:48:14.737",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\naoe: fix the potential use-after-free problem in aoecmd_cfg_pkts\n\nThis patch is against CVE-2023-6270. The description of cve is:\n\n A flaw was found in the ATA over Ethernet (AoE) driver in the Linux\n kernel. The aoecmd_cfg_pkts() function improperly updates the refcnt on\n `struct net_device`, and a use-after-free can be triggered by racing\n between the free on the struct and the access through the `skbtxq`\n global queue. This could lead to a denial of service condition or\n potential code execution.\n\nIn aoecmd_cfg_pkts(), it always calls dev_put(ifp) when skb initial\ncode is finished. But the net_device ifp will still be used in\nlater tx()->dev_queue_xmit() in kthread. Which means that the\ndev_put(ifp) should NOT be called in the success path of skb\ninitial code in aoecmd_cfg_pkts(). Otherwise tx() may run into\nuse-after-free because the net_device is freed.\n\nThis patch removed the dev_put(ifp) in the success path in\naoecmd_cfg_pkts(), and added dev_put() after skb xmit in tx()."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: aoe: soluciona el posible problema de use-after-free en aoecmd_cfg_pkts. Este parche es contra CVE-2023-6270. La descripci\u00f3n de cve es: Se encontr\u00f3 una falla en el controlador ATA sobre Ethernet (AoE) en el kernel de Linux. La funci\u00f3n aoecmd_cfg_pkts() actualiza incorrectamente el refcnt en `struct net_device`, y se puede activar un use-after-free corriendo entre lo libre en la estructura y el acceso a trav\u00e9s de la cola global `skbtxq`. Esto podr\u00eda provocar una condici\u00f3n de denegaci\u00f3n de servicio o una posible ejecuci\u00f3n de c\u00f3digo. En aoecmd_cfg_pkts(), siempre llama a dev_put(ifp) cuando finaliza el c\u00f3digo inicial de skb. Pero el ifp net_device todav\u00eda se usar\u00e1 en tx()->dev_queue_xmit() posterior en kthread. Lo que significa que NO se debe llamar a dev_put(ifp) en la ruta exitosa del c\u00f3digo inicial de skb en aoecmd_cfg_pkts(). De lo contrario, tx() puede ejecutar use-after-free porque el net_device est\u00e1 liberado. Este parche elimin\u00f3 dev_put(ifp) en la ruta de \u00e9xito en aoecmd_cfg_pkts() y agreg\u00f3 dev_put() despu\u00e9s de skb xmit en tx()."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.0,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.6.22",
"versionEndExcluding": "4.19.311",
"matchCriteriaId": "0C11EA91-49A5-48C2-88DC-31A895CF5BA4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.20",
"versionEndExcluding": "5.4.273",
"matchCriteriaId": "620FD8B7-BF03-43E0-951A-0A58461D4C55"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.5",
"versionEndExcluding": "5.10.214",
"matchCriteriaId": "65987874-467B-4D3B-91D6-68A129B34FB8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.153",
"matchCriteriaId": "ACB69438-845D-4E3C-B114-3140611F9C0B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "6.1.83",
"matchCriteriaId": "121A07F6-F505-4C47-86BF-9BB6CC7B6C19"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.6.23",
"matchCriteriaId": "E00814DC-0BA7-431A-9926-80FEB4A96C68"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.7.11",
"matchCriteriaId": "9B95D3A6-E162-47D5-ABFC-F3FA74FA7CFD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.8",
"versionEndExcluding": "6.8.2",
"matchCriteriaId": "543A75FF-25B8-4046-A514-1EA8EDD87AB1"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/079cba4f4e307c69878226fdf5228c20aa1c969c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/1a54aa506b3b2f31496731039e49778f54eee881",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/74ca3ef68d2f449bc848c0a814cefc487bf755fa",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/7dd09fa80b0765ce68bfae92f4e2f395ccf0fba4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/a16fbb80064634b254520a46395e36b87ca4731e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/ad80c34944d7175fa1f5c7a55066020002921a99",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/eb48680b0255a9e8a9bdc93d6a55b11c31262e62",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/f98364e926626c678fb4b9004b75cacf92ff0662",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/faf0b4c5e00bb680e8e43ac936df24d3f48c8e65",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}
Reference in New Issue View Git Blame Copy Permalink