Updated: 2024-11-08 21:21:48.907609
Description:
In the Linux kernel, the following vulnerability has been resolved: ntb: ntb_hw_switchtec: Fix use after free vulnerability in switchtec_ntb_remove due to race condition In the switchtec_ntb_add function, it can call switchtec_ntb_init_sndev function, then &sndev->check_link_status_work is bound with check_link_status_work. switchtec_ntb_link_notification may be called to start the work. If we remove the module which will call switchtec_ntb_remove to make cleanup, it will free sndev through kfree(sndev), while the work mentioned above will be used. The sequence of operations that may lead to a UAF bug is as follows: CPU0 CPU1 | check_link_status_work switchtec_ntb_remove | kfree(sndev); | | if (sndev->link_force_down) | // use sndev Fix it by ensuring that the work is canceled before proceeding with the cleanup in switchtec_ntb_remove.
Links | NIST | CIRCL | RHEL | Ubuntu |
Severity | Score | |
---|---|---|
CVSS Version 2.x | 0 | |
CVSS Version 3.x | HIGH | 7 |
OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
---|---|---|---|---|---|---|---|---|
AlmaLinux 9.2 ESU | kernel | 5.14.0 | 7.0 | HIGH | Not Vulnerable | 2024-11-07 11:59:42 | ||
AlmaLinux 9.2 FIPS | kernel | 5.14.0 | 7.0 | HIGH | Not Vulnerable | 2024-11-07 11:59:42 | ||
CentOS 6 ELS | kernel | 2.6.32 | 7.0 | HIGH | Not Vulnerable | 2024-11-07 11:59:42 | ||
CentOS 7 ELS | kernel | 3.10.0 | 7.0 | HIGH | Not Vulnerable | 2024-11-07 11:59:39 | ||
CentOS 8.4 ELS | kernel | 4.18.0 | 7.0 | HIGH | Not Vulnerable | 2024-11-07 11:59:40 | ||
CentOS 8.5 ELS | kernel | 4.18.0 | 7.0 | HIGH | Not Vulnerable | 2024-11-07 11:59:42 | ||
CentOS Stream 8 ELS | kernel | 4.18.0 | 7.0 | HIGH | Not Vulnerable | 2024-11-07 02:47:21 | ||
CloudLinux 6 ELS | kernel | 2.6.32 | 7.0 | HIGH | Not Vulnerable | 2024-11-07 11:59:42 | ||
CloudLinux 7 ELS | kernel | 3.10.0 | 7.0 | HIGH | Not Vulnerable | 2024-11-07 11:59:39 | ||
Oracle Linux 6 ELS | kernel | 2.6.32 | 7.0 | HIGH | Not Vulnerable | 2024-11-07 11:59:39 |