Updated: 2025-08-20 03:14:44.282086
Description:
In the Linux kernel, the following vulnerability has been resolved: aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts This patch is against CVE-2023-6270. The description of cve is: A flaw was found in the ATA over Ethernet (AoE) driver in the Linux kernel. The aoecmd_cfg_pkts() function improperly updates the refcnt on `struct net_device`, and a use-after-free can be triggered by racing between the free on the struct and the access through the `skbtxq` global queue. This could lead to a denial of service condition or potential code execution. In aoecmd_cfg_pkts(), it always calls dev_put(ifp) when skb initial code is finished. But the net_device ifp will still be used in later tx()->dev_queue_xmit() in kthread. Which means that the dev_put(ifp) should NOT be called in the success path of skb initial code in aoecmd_cfg_pkts(). Otherwise tx() may run into use-after-free because the net_device is freed. This patch removed the dev_put(ifp) in the success path in aoecmd_cfg_pkts(), and added dev_put() after skb xmit in tx().
| Links | NIST | CIRCL | RHEL | Ubuntu |
| Severity | Score | |
|---|---|---|
| CVSS Version 2.x | 0.0 | |
| CVSS Version 3.x | HIGH | 7.8 |
| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| AlmaLinux 9.2 ESU | kernel | 5.14.0 | 7.8 | HIGH | Released | CLSA-2025:1743193221 | 2024-06-24 11:24:41 | |
| CentOS 6 ELS | kernel | 2.6.32 | 7.8 | HIGH | Released | 2024-09-03 14:33:30 | ||
| CentOS 7 ELS | kernel | 3.10.0 | 7.8 | HIGH | Released | CLSA-2024:1720468480 | 2024-07-23 17:22:29 | |
| CentOS 8.4 ELS | kernel | 4.18.0 | 7.8 | HIGH | Not Vulnerable | 2024-05-01 22:12:08 | ||
| CentOS 8.5 ELS | kernel | 4.18.0 | 7.8 | HIGH | Not Vulnerable | 2024-06-11 14:23:11 | ||
| CentOS Stream 8 ELS | kernel | 4.18.0 | 7.8 | HIGH | Not Vulnerable | 2024-06-11 14:21:02 | ||
| CloudLinux 6 ELS | kernel | 2.6.32 | 7.8 | HIGH | Ignored | 2025-01-10 22:44:10 | ||
| CloudLinux 7 ELS | kernel | 3.10.0 | 7.8 | HIGH | Ignored | 2025-01-10 22:43:54 | CloudLinux 6 and 7 support is limited and provided on demand. We strongly recommend upgrading to Clo... | |
| Oracle Linux 6 ELS | kernel | 2.6.32 | 7.8 | HIGH | Released | 2024-09-03 14:33:29 | ||
| Oracle Linux 7 ELS | kernel | 3.10.0 | 7.8 | HIGH | Released | CLSA-2025:1742322442 | 2025-03-25 03:29:43 |