A flaw was found in the ATA over Ethernet (AoE) driver in...
High severity
Unreviewed
Published
Jan 4, 2024
to the GitHub Advisory Database
•
Updated Jun 27, 2024
Description
Published by the National Vulnerability Database
Jan 4, 2024
Published to the GitHub Advisory Database
Jan 4, 2024
Last updated
Jun 27, 2024
A flaw was found in the ATA over Ethernet (AoE) driver in the Linux kernel. The aoecmd_cfg_pkts() function improperly updates the refcnt on
struct net_device
, and a use-after-free can be triggered by racing between the free on the struct and the access through theskbtxq
global queue. This could lead to a denial of service condition or potential code execution.References