Debian: CVE-2024-49982: linux, linux-6.1 -- security update

Debian: CVE-2024-49982: linux, linux-6.1 -- security update

Severity

7

CVSS

(AV:L/AC:L/Au:S/C:C/I:C/A:C)

Published

10/21/2024

Created

11/12/2024

Added

11/11/2024

Modified

01/30/2025

Description

In the Linux kernel, the following vulnerability has been resolved: aoe: fix the potential use-after-free problem in more places For fixing CVE-2023-6270, f98364e92662 ("aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts") makes tx() calling dev_put() instead of doing in aoecmd_cfg_pkts(). It avoids that the tx() runs into use-after-free. Then Nicolai Stange found more places in aoe have potential use-after-free problem with tx(). e.g. revalidate(), aoecmd_ata_rw(), resend(), probe() and aoecmd_cfg_rsp(). Those functions also use aoenet_xmit() to push packet to tx queue. So they should also use dev_hold() to increase the refcnt of skb->dev. On the other hand, moving dev_put() to tx() causes that the refcnt of skb->dev be reduced to a negative value, because corresponding dev_hold() are not called in revalidate(), aoecmd_ata_rw(), resend(), probe(), and aoecmd_cfg_rsp(). This patch fixed this issue.

Solution(s)

• debian-upgrade-linux
• debian-upgrade-linux-6-1

References

• https://attackerkb.com/topics/cve-2024-49982
• CVE - 2024-49982
• DLA-4008-1