Updated: 2026-02-27 02:57:18.951836
Description:
In the Linux kernel, the following vulnerability has been resolved: aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts This patch is against CVE-2023-6270. The description of cve is: A flaw was found in the ATA over Ethernet (AoE) driver in the Linux kernel. The aoecmd_cfg_pkts() function improperly updates the refcnt on `struct net_device`, and a use-after-free can be triggered by racing between the free on the struct and the access through the `skbtxq` global queue. This could lead to a denial of service condition or potential code execution. In aoecmd_cfg_pkts(), it always calls dev_put(ifp) when skb initial code is finished. But the net_device ifp will still be used in later tx()->dev_queue_xmit() in kthread. Which means that the dev_put(ifp) should NOT be called in the success path of skb initial code in aoecmd_cfg_pkts(). Otherwise tx() may run into use-after-free because the net_device is freed. This patch removed the dev_put(ifp) in the success path in aoecmd_cfg_pkts(), and added dev_put() after skb xmit in tx().
| Links | NIST | CIRCL | RHEL | Ubuntu |
| Severity | Score | |
|---|---|---|
| CVSS Version 2.x | 0.0 | |
| CVSS Version 3.x | HIGH | 7.8 |
| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| Oracle Linux 7 ELS | kernel-uek | 5.4.17 | 7.8 | HIGH | Already Fixed | 2025-07-02 01:18:23 | ||
| RHEL 7 ELS | kernel | 3.10.0 | 7.8 | HIGH | Released | CLSA-2025:1750353839 | 2025-06-20 00:31:29 | |
| Ubuntu 16.04 ELS | linux-hwe | 4.15.0 | 7.8 | HIGH | Released | CLSA-2024:1716270851 | 2024-05-21 05:38:25 | |
| Ubuntu 16.04 ELS | linux | 4.4.0 | 7.8 | HIGH | Released | CLSA-2024:1716269479 | 2024-05-21 05:38:13 | |
| Ubuntu 18.04 ELS | linux | 4.15.0 | 7.8 | HIGH | Released | CLSA-2024:1716270232 | 2024-05-21 05:38:14 |