{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2024-49982","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-10-21T12:17:06.052Z","datePublished":"2024-10-21T18:02:27.820Z","dateUpdated":"2025-11-03T22:24:03.908Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2025-05-04T12:59:17.641Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\naoe: fix the potential use-after-free problem in more places\n\nFor fixing CVE-2023-6270, f98364e92662 (\"aoe: fix the potential\nuse-after-free problem in aoecmd_cfg_pkts\") makes tx() calling dev_put()\ninstead of doing in aoecmd_cfg_pkts(). It avoids that the tx() runs\ninto use-after-free.\n\nThen Nicolai Stange found more places in aoe have potential use-after-free\nproblem with tx(). e.g. revalidate(), aoecmd_ata_rw(), resend(), probe()\nand aoecmd_cfg_rsp(). Those functions also use aoenet_xmit() to push\npacket to tx queue. So they should also use dev_hold() to increase the\nrefcnt of skb->dev.\n\nOn the other hand, moving dev_put() to tx() causes that the refcnt of\nskb->dev be reduced to a negative value, because corresponding\ndev_hold() are not called in revalidate(), aoecmd_ata_rw(), resend(),\nprobe(), and aoecmd_cfg_rsp(). This patch fixed this issue."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/block/aoe/aoecmd.c"],"versions":[{"version":"ad80c34944d7175fa1f5c7a55066020002921a99","lessThan":"12f7b89dd72b25da4eeaa22097877963cad6418e","status":"affected","versionType":"git"},{"version":"1a54aa506b3b2f31496731039e49778f54eee881","lessThan":"a786265aecf39015418e4f930cc1c14603a01490","status":"affected","versionType":"git"},{"version":"faf0b4c5e00bb680e8e43ac936df24d3f48c8e65","lessThan":"f63461af2c1a86af4217910e47a5c46e3372e645","status":"affected","versionType":"git"},{"version":"7dd09fa80b0765ce68bfae92f4e2f395ccf0fba4","lessThan":"07b418d50ccbbca7e5d87a3a0d41d436cefebf79","status":"affected","versionType":"git"},{"version":"74ca3ef68d2f449bc848c0a814cefc487bf755fa","lessThan":"bc2cbf7525ac288e07d465f5a1d8cb8fb9599254","status":"affected","versionType":"git"},{"version":"eb48680b0255a9e8a9bdc93d6a55b11c31262e62","lessThan":"acc5103a0a8c200a52af7d732c36a8477436a3d3","status":"affected","versionType":"git"},{"version":"f98364e926626c678fb4b9004b75cacf92ff0662","lessThan":"89d9a69ae0c667e4d9d028028e2dcc837bae626f","status":"affected","versionType":"git"},{"version":"f98364e926626c678fb4b9004b75cacf92ff0662","lessThan":"8253a60c89ec35c8f36fb2cc08cdf854c7a3eb58","status":"affected","versionType":"git"},{"version":"f98364e926626c678fb4b9004b75cacf92ff0662","lessThan":"6d6e54fc71ad1ab0a87047fd9c211e75d86084a3","status":"affected","versionType":"git"},{"version":"079cba4f4e307c69878226fdf5228c20aa1c969c","status":"affected","versionType":"git"},{"version":"a16fbb80064634b254520a46395e36b87ca4731e","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/block/aoe/aoecmd.c"],"versions":[{"version":"6.9","status":"affected"},{"version":"0","lessThan":"6.9","status":"unaffected","versionType":"semver"},{"version":"4.19.323","lessThanOrEqual":"4.19.*","status":"unaffected","versionType":"semver"},{"version":"5.4.285","lessThanOrEqual":"5.4.*","status":"unaffected","versionType":"semver"},{"version":"5.10.227","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.168","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.113","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.55","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.10.14","lessThanOrEqual":"6.10.*","status":"unaffected","versionType":"semver"},{"version":"6.11.3","lessThanOrEqual":"6.11.*","status":"unaffected","versionType":"semver"},{"version":"6.12","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.19.311","versionEndExcluding":"4.19.323"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.4.273","versionEndExcluding":"5.4.285"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.10.214","versionEndExcluding":"5.10.227"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.15.153","versionEndExcluding":"5.15.168"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.1.83","versionEndExcluding":"6.1.113"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.6.23","versionEndExcluding":"6.6.55"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.9","versionEndExcluding":"6.10.14"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.9","versionEndExcluding":"6.11.3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.9","versionEndExcluding":"6.12"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7.11"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.8.2"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/12f7b89dd72b25da4eeaa22097877963cad6418e"},{"url":"https://git.kernel.org/stable/c/a786265aecf39015418e4f930cc1c14603a01490"},{"url":"https://git.kernel.org/stable/c/f63461af2c1a86af4217910e47a5c46e3372e645"},{"url":"https://git.kernel.org/stable/c/07b418d50ccbbca7e5d87a3a0d41d436cefebf79"},{"url":"https://git.kernel.org/stable/c/bc2cbf7525ac288e07d465f5a1d8cb8fb9599254"},{"url":"https://git.kernel.org/stable/c/acc5103a0a8c200a52af7d732c36a8477436a3d3"},{"url":"https://git.kernel.org/stable/c/89d9a69ae0c667e4d9d028028e2dcc837bae626f"},{"url":"https://git.kernel.org/stable/c/8253a60c89ec35c8f36fb2cc08cdf854c7a3eb58"},{"url":"https://git.kernel.org/stable/c/6d6e54fc71ad1ab0a87047fd9c211e75d86084a3"}],"title":"aoe: fix the potential use-after-free problem in more places","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2024-49982","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"version":"2.0.3","timestamp":"2024-10-22T13:32:22.974285Z"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-10-22T13:38:44.189Z"}},{"title":"CVE Program Container","references":[{"url":"https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"},{"url":"https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2025-11-03T22:24:03.908Z"}}]}}