{"dataType":"CVE_RECORD","cveMetadata":{"cveId":"CVE-2024-26898","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-02-19T14:20:24.186Z","datePublished":"2024-04-17T10:27:48.466Z","dateUpdated":"2025-05-04T08:59:10.977Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2025-05-04T08:59:10.977Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\naoe: fix the potential use-after-free problem in aoecmd_cfg_pkts\n\nThis patch is against CVE-2023-6270. The description of cve is:\n\n  A flaw was found in the ATA over Ethernet (AoE) driver in the Linux\n  kernel. The aoecmd_cfg_pkts() function improperly updates the refcnt on\n  `struct net_device`, and a use-after-free can be triggered by racing\n  between the free on the struct and the access through the `skbtxq`\n  global queue. This could lead to a denial of service condition or\n  potential code execution.\n\nIn aoecmd_cfg_pkts(), it always calls dev_put(ifp) when skb initial\ncode is finished. But the net_device ifp will still be used in\nlater tx()->dev_queue_xmit() in kthread. Which means that the\ndev_put(ifp) should NOT be called in the success path of skb\ninitial code in aoecmd_cfg_pkts(). Otherwise tx() may run into\nuse-after-free because the net_device is freed.\n\nThis patch removed the dev_put(ifp) in the success path in\naoecmd_cfg_pkts(), and added dev_put() after skb xmit in tx()."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/block/aoe/aoecmd.c","drivers/block/aoe/aoenet.c"],"versions":[{"version":"7562f876cd93800f2f8c89445f2a563590b24e09","lessThan":"ad80c34944d7175fa1f5c7a55066020002921a99","status":"affected","versionType":"git"},{"version":"7562f876cd93800f2f8c89445f2a563590b24e09","lessThan":"1a54aa506b3b2f31496731039e49778f54eee881","status":"affected","versionType":"git"},{"version":"7562f876cd93800f2f8c89445f2a563590b24e09","lessThan":"faf0b4c5e00bb680e8e43ac936df24d3f48c8e65","status":"affected","versionType":"git"},{"version":"7562f876cd93800f2f8c89445f2a563590b24e09","lessThan":"7dd09fa80b0765ce68bfae92f4e2f395ccf0fba4","status":"affected","versionType":"git"},{"version":"7562f876cd93800f2f8c89445f2a563590b24e09","lessThan":"74ca3ef68d2f449bc848c0a814cefc487bf755fa","status":"affected","versionType":"git"},{"version":"7562f876cd93800f2f8c89445f2a563590b24e09","lessThan":"eb48680b0255a9e8a9bdc93d6a55b11c31262e62","status":"affected","versionType":"git"},{"version":"7562f876cd93800f2f8c89445f2a563590b24e09","lessThan":"079cba4f4e307c69878226fdf5228c20aa1c969c","status":"affected","versionType":"git"},{"version":"7562f876cd93800f2f8c89445f2a563590b24e09","lessThan":"a16fbb80064634b254520a46395e36b87ca4731e","status":"affected","versionType":"git"},{"version":"7562f876cd93800f2f8c89445f2a563590b24e09","lessThan":"f98364e926626c678fb4b9004b75cacf92ff0662","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/block/aoe/aoecmd.c","drivers/block/aoe/aoenet.c"],"versions":[{"version":"2.6.22","status":"affected"},{"version":"0","lessThan":"2.6.22","status":"unaffected","versionType":"semver"},{"version":"4.19.311","lessThanOrEqual":"4.19.*","status":"unaffected","versionType":"semver"},{"version":"5.4.273","lessThanOrEqual":"5.4.*","status":"unaffected","versionType":"semver"},{"version":"5.10.214","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.153","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.83","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.23","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.7.11","lessThanOrEqual":"6.7.*","status":"unaffected","versionType":"semver"},{"version":"6.8.2","lessThanOrEqual":"6.8.*","status":"unaffected","versionType":"semver"},{"version":"6.9","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.22","versionEndExcluding":"4.19.311"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.22","versionEndExcluding":"5.4.273"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.22","versionEndExcluding":"5.10.214"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.22","versionEndExcluding":"5.15.153"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.22","versionEndExcluding":"6.1.83"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.22","versionEndExcluding":"6.6.23"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.22","versionEndExcluding":"6.7.11"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.22","versionEndExcluding":"6.8.2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.22","versionEndExcluding":"6.9"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/ad80c34944d7175fa1f5c7a55066020002921a99"},{"url":"https://git.kernel.org/stable/c/1a54aa506b3b2f31496731039e49778f54eee881"},{"url":"https://git.kernel.org/stable/c/faf0b4c5e00bb680e8e43ac936df24d3f48c8e65"},{"url":"https://git.kernel.org/stable/c/7dd09fa80b0765ce68bfae92f4e2f395ccf0fba4"},{"url":"https://git.kernel.org/stable/c/74ca3ef68d2f449bc848c0a814cefc487bf755fa"},{"url":"https://git.kernel.org/stable/c/eb48680b0255a9e8a9bdc93d6a55b11c31262e62"},{"url":"https://git.kernel.org/stable/c/079cba4f4e307c69878226fdf5228c20aa1c969c"},{"url":"https://git.kernel.org/stable/c/a16fbb80064634b254520a46395e36b87ca4731e"},{"url":"https://git.kernel.org/stable/c/f98364e926626c678fb4b9004b75cacf92ff0662"}],"title":"aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-416","lang":"en","description":"CWE-416 Use After Free"}]}],"affected":[{"vendor":"linux","product":"linux_kernel","cpes":["cpe:2.3:o:linux:linux_kernel:2.6.22:-:*:*:*:*:*:*"],"defaultStatus":"affected","versions":[{"version":"2.6.22","status":"affected"}]},{"vendor":"linux","product":"linux_kernel","cpes":["cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"],"defaultStatus":"unaffected","versions":[{"version":"7562f876cd93","status":"affected","lessThan":"ad80c34944d7","versionType":"git"},{"version":"7562f876cd93","status":"affected","lessThan":"1a54aa506b3b","versionType":"git"},{"version":"7562f876cd93","status":"affected","lessThan":"faf0b4c5e00b","versionType":"git"},{"version":"7562f876cd93","status":"affected","lessThan":"7dd09fa80b07","versionType":"git"},{"version":"7562f876cd93","status":"affected","lessThan":"74ca3ef68d2f","versionType":"git"},{"version":"7562f876cd93","status":"affected","lessThan":"eb48680b0255","versionType":"git"},{"version":"7562f876cd93","status":"affected","lessThan":"079cba4f4e30","versionType":"git"},{"version":"7562f876cd93","status":"affected","lessThan":"a16fbb800646","versionType":"git"},{"version":"7562f876cd93","status":"affected","lessThan":"f98364e92662","versionType":"git"}]}],"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":7,"attackVector":"LOCAL","baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","integrityImpact":"HIGH","userInteraction":"NONE","attackComplexity":"HIGH","availabilityImpact":"HIGH","privilegesRequired":"LOW","confidentialityImpact":"HIGH"}},{"other":{"type":"ssvc","content":{"timestamp":"2024-06-12T16:22:28.091007Z","id":"CVE-2024-26898","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-07-22T14:55:25.413Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T00:21:05.475Z"},"title":"CVE Program Container","references":[{"url":"https://git.kernel.org/stable/c/ad80c34944d7175fa1f5c7a55066020002921a99","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/1a54aa506b3b2f31496731039e49778f54eee881","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/faf0b4c5e00bb680e8e43ac936df24d3f48c8e65","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/7dd09fa80b0765ce68bfae92f4e2f395ccf0fba4","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/74ca3ef68d2f449bc848c0a814cefc487bf755fa","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/eb48680b0255a9e8a9bdc93d6a55b11c31262e62","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/079cba4f4e307c69878226fdf5228c20aa1c969c","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/a16fbb80064634b254520a46395e36b87ca4731e","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/f98364e926626c678fb4b9004b75cacf92ff0662","tags":["x_transferred"]},{"url":"https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html","tags":["x_transferred"]},{"url":"https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html","tags":["x_transferred"]}]}]},"dataVersion":"5.1"}