In the Linux kernel, the following vulnerability has been resolved:
aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts
This patch is against CVE-2023-6270. The description of the CVE is:
A flaw was found in the ATA over Ethernet (AoE) driver in the Linux
kernel. The aoecmd_cfg_pkts() function improperly updates the refcnt on
struct net_device, and a use-after-free can be triggered by racing
between the free on the struct and the access through the skbtxq
global queue. This could lead to a denial of service condition or
potential code execution.
In aoecmd_cfg_pkts(), it always calls dev_put(ifp) when skb initial code is finished. But the netdevice ifp will still be used in later tx()->dev_queue_xmit() in kthread. Which means that the dev_put(ifp) should NOT be called in the success path of skb initial code in aoecmd_cfg_pkts(). Otherwise tx() may run into use-after-free because the netdevice is freed.
This patch removed the dev_put(ifp) in the success path in aoecmd_cfg_pkts(), and added dev_put() after skb xmit in tx().
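
A simplified user-space model of the reference-count ordering described above, added here as an illustration; it is not the kernel's code or the patch itself. The struct layouts, the `_m` helper names, the `fixed` switch and the small array queue are assumptions of the model, and a `freed` flag stands in for the actual free so nothing is dereferenced after release.

```c
#include <stdio.h>

/* Toy stand-ins for struct net_device and a queued skb (model only). */
struct netdev { int refcnt; int freed; };
struct skb    { struct netdev *dev; };

static void dev_hold_m(struct netdev *d) { d->refcnt++; }
static void dev_put_m(struct netdev *d)  { if (--d->refcnt == 0) d->freed = 1; }

static struct skb txq[4]; static int txq_len;   /* models the global skbtxq queue */

/* Producer, modelling aoecmd_cfg_pkts(): build an skb for ifp and queue it. */
static void cfg_pkts_m(struct netdev *ifp, int fixed)
{
    dev_hold_m(ifp);              /* assumed: reference held while the skb is built */
    txq[txq_len++].dev = ifp;     /* the queued skb still points at ifp */
    if (!fixed) dev_put_m(ifp);   /* pre-patch: dropped on the success path */
}

/* Consumer, modelling tx() in the kthread; counts xmits on a released device. */
static int tx_m(int fixed)
{
    int stale = 0;
    for (int i = 0; i < txq_len; i++) {
        struct netdev *ifp = txq[i].dev;
        if (ifp->freed) stale++;      /* in the kernel this is the use-after-free */
        if (fixed) dev_put_m(ifp);    /* patched: reference dropped after xmit */
    }
    txq_len = 0;
    return stale;
}

/* Scenario: the interface goes away between queueing and the kthread's tx(). */
static int run_m(int fixed, int *final_refcnt)
{
    struct netdev eth = { .refcnt = 1, .freed = 0 };  /* one ref from registration */
    txq_len = 0;
    cfg_pkts_m(&eth, fixed);
    dev_put_m(&eth);              /* teardown drops the registration reference */
    int stale = tx_m(fixed);
    *final_refcnt = eth.refcnt;
    return stale;
}

int main(void)
{
    int r, buggy = run_m(0, &r), patched = run_m(1, &r);
    printf("stale xmits: pre-patch=%d patched=%d\n", buggy, patched);
    return 0;
}
```

In both orderings the count ends balanced at zero; only the patched ordering keeps the device alive until the queued skb has been transmitted.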