Re: (subset) [PATCH] aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts

From: Jens Axboe
Date: Wed Mar 06 2024 - 10:37:41 EST

Next message: Darrick J. Wong: "Re: [PATCH v2 1/2] xfs: Remove duplicate include"
Previous message: Jens Axboe: "Re: [PATCH] block: move capacity validation to blkpg_do_ioctl()"
In reply to: Lee, Chun-Yi: "[PATCH] aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts"
Next in thread: joeyli: "Re: (subset) [PATCH] aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, 05 Mar 2024 16:20:48 +0800, Lee, Chun-Yi wrote:
> This patch is against CVE-2023-6270. The description of cve is:
>
> A flaw was found in the ATA over Ethernet (AoE) driver in the Linux
> kernel. The aoecmd_cfg_pkts() function improperly updates the refcnt on
> `struct net_device`, and a use-after-free can be triggered by racing
> between the free on the struct and the access through the `skbtxq`
> global queue. This could lead to a denial of service condition or
> potential code execution.
>
> [...]

Applied, thanks!

[1/1] aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts
commit: f98364e926626c678fb4b9004b75cacf92ff0662

Best regards,
--
Jens Axboe

Next message: Darrick J. Wong: "Re: [PATCH v2 1/2] xfs: Remove duplicate include"
Previous message: Jens Axboe: "Re: [PATCH] block: move capacity validation to blkpg_do_ioctl()"
In reply to: Lee, Chun-Yi: "[PATCH] aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts"
Next in thread: joeyli: "Re: (subset) [PATCH] aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]