In the Linux kernel, the following vulnerability has been resolved:
net: rswitch: Avoid use-after-free in rswitch_poll()
The use-after-free is actually in rswitch_tx_free(), which is inlined in
rswitch_poll(). Since `skb` and `gq->skbs[gq->dirty]` are in fact the
same pointer, the skb is first freed using dev_kfree_skb_any(), then the
value in skb->len is used to update the interface statistics.
Let's move around the instructions to use skb->len before the skb is
freed.
This bug is trivial to reproduce using KFENCE. It will trigger a splat
every few packets. A simple ARP request or ICMP echo request is enough.
References
Configurations
History
19 Dec 2024, 19:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
21 Nov 2024, 09:33
Type | Values Removed | Values Added |
---|---|---|
References | () https://git.kernel.org/stable/c/92cbbe7759193e3418f38d0d73f8fe125312c58b - Patch | |
References | () https://git.kernel.org/stable/c/9a0c28efeec6383ef22e97437616b920e7320b67 - Patch |
21 Aug 2024, 20:52
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-416 | |
First Time |
Linux linux Kernel
Linux |
|
References | () https://git.kernel.org/stable/c/92cbbe7759193e3418f38d0d73f8fe125312c58b - Patch | |
References | () https://git.kernel.org/stable/c/9a0c28efeec6383ef22e97437616b920e7320b67 - Patch | |
CPE | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.8 |
30 Jul 2024, 13:32
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
30 Jul 2024, 08:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-07-30 08:15
Updated : 2024-12-19 19:15
NVD link : CVE-2024-42108
Mitre link : CVE-2024-42108
CVE.ORG link : CVE-2024-42108
JSON object : View
Products Affected
linux
- linux_kernel
CWE
CWE-416
Use After Free