In the Linux kernel, the following vulnerability has been resolved: ravb:
Fix use-after-free issue in ravb_tx_timeout_work() The ravb_stop() should
call cancel_work_sync(). Otherwise, ravb_tx_timeout_work() is possible to
use the freed priv after ravb_remove() was called like below: CPU0 CPU1
ravb_tx_timeout() ravb_remove() unregister_netdev() free_netdev(ndev) //
free priv ravb_tx_timeout_work() // use priv unregister_netdev() will call
.ndo_stop() so that ravb_stop() is called. And, after phy_stop() is called,
netif_carrier_off() is also called. So that .ndo_tx_timeout() will not be
called after phy_stop().
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 23.10 | noarch | linux | < any | UNKNOWN |
ubuntu | 24.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 14.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 16.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 18.04 | noarch | linux-aws | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux-aws | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux-aws | < any | UNKNOWN |