CVE-2024-42108

2024-07-3000:00:00

ubuntu.com

linux kernel

cve-2024-42108

net

rswitch_poll

use-after-free

rswitch_tx_free

kfence

splat

arp

icmp

vulnerability

AI Score

Confidence

High

JSON

In the Linux kernel, the following vulnerability has been resolved:
net: rswitch: Avoid use-after-free in rswitch_poll()
The use-after-free is actually in rswitch_tx_free(), which is inlined in
rswitch_poll(). Since skb and gq->skbs[gq->dirty] are in fact the
same pointer, the skb is first freed using dev_kfree_skb_any(), then the
value in skb->len is used to update the interface statistics.
Let’s move around the instructions to use skb->len before the skb is
freed.
This bug is trivial to reproduce using KFENCE. It will trigger a splat
every few packets. A simple ARP request or ICMP echo request is enough.

OSVersionArchitecturePackageVersionFilename
ubuntu24.04noarchlinux< anyUNKNOWN
ubuntu24.04noarchlinux-aws< anyUNKNOWN
ubuntu24.04noarchlinux-azure< anyUNKNOWN
ubuntu20.04noarchlinux-bluefield< anyUNKNOWN
ubuntu24.04noarchlinux-gcp< anyUNKNOWN
ubuntu24.04noarchlinux-gke< anyUNKNOWN
ubuntu24.04noarchlinux-ibm< anyUNKNOWN
ubuntu24.04noarchlinux-lowlatency< anyUNKNOWN
ubuntu24.04noarchlinux-nvidia< anyUNKNOWN
ubuntu22.04noarchlinux-nvidia-6.8< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	24.04	noarch	linux	< any	UNKNOWN
ubuntu	24.04	noarch	linux-aws	< any	UNKNOWN
ubuntu	24.04	noarch	linux-azure	< any	UNKNOWN
ubuntu	20.04	noarch	linux-bluefield	< any	UNKNOWN
ubuntu	24.04	noarch	linux-gcp	< any	UNKNOWN
ubuntu	24.04	noarch	linux-gke	< any	UNKNOWN
ubuntu	24.04	noarch	linux-ibm	< any	UNKNOWN
ubuntu	24.04	noarch	linux-lowlatency	< any	UNKNOWN
ubuntu	24.04	noarch	linux-nvidia	< any	UNKNOWN
ubuntu	22.04	noarch	linux-nvidia-6.8	< any	UNKNOWN