admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-01 19:21:37 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2024/CVE-2024-421xx/CVE-2024-42108.json
cad-safe-bot 4fb80a88b5 Auto-Update: 2024-07-30T14:00:19.118167+00:00
2024-07-30 14:03:15 +00:00

29 lines
2.0 KiB
JSON
Raw Blame History

{
"id": "CVE-2024-42108",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-30T08:15:03.333",
"lastModified": "2024-07-30T13:32:45.943",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: rswitch: Avoid use-after-free in rswitch_poll()\n\nThe use-after-free is actually in rswitch_tx_free(), which is inlined in\nrswitch_poll(). Since `skb` and `gq->skbs[gq->dirty]` are in fact the\nsame pointer, the skb is first freed using dev_kfree_skb_any(), then the\nvalue in skb->len is used to update the interface statistics.\n\nLet's move around the instructions to use skb->len before the skb is\nfreed.\n\nThis bug is trivial to reproduce using KFENCE. It will trigger a splat\nevery few packets. A simple ARP request or ICMP echo request is enough."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: rswitch: Evite el use after free en rswitch_poll() El use after free est\u00e1 en realidad en rswitch_tx_free(), que est\u00e1 incluido en rswitch_poll(). Dado que `skb` y `gq->skbs[gq->dirty]` son de hecho el mismo puntero, el skb primero se libera usando dev_kfree_skb_any(), luego el valor en skb->len se usa para actualizar las estad\u00edsticas de la interfaz. Avancemos por las instrucciones para usar skb->len antes de liberar el skb. Este error es trivial de reproducir usando KFENCE. Activar\u00e1 un sonido cada pocos paquetes. Una simple solicitud ARP o una solicitud de eco ICMP es suficiente."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/92cbbe7759193e3418f38d0d73f8fe125312c58b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/9a0c28efeec6383ef22e97437616b920e7320b67",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}
Reference in New Issue View Git Blame Copy Permalink