vulnrichment | Linux | VULNRICHMENT:CVE-2024-42108
History: Jul 30, 2024 - 7:46 a.m.

CVE-2024-42108 net: rswitch: Avoid use-after-free in rswitch_poll()

2024-07-30 07:46:03
Linux
github.com
linux kernel, net, rswitch_poll, use-after-free, vulnerability, rswitch_tx_free, skb, gq, dev_kfree_skb_any, interface statistics, kfence, arp request, icmp echo request

AI Score: 6.9
Confidence: Low

SSVC
Exploitation: none
Automatable: no
Technical Impact: partial

In the Linux kernel, the following vulnerability has been resolved:

net: rswitch: Avoid use-after-free in rswitch_poll()

The use-after-free is actually in rswitch_tx_free(), which is inlined in
rswitch_poll(). Since skb and gq->skbs[gq->dirty] are in fact the
same pointer, the skb is first freed using dev_kfree_skb_any(), then the
value in skb->len is used to update the interface statistics.

Let’s move around the instructions to use skb->len before the skb is
freed.

This bug is trivial to reproduce using KFENCE. It will trigger a splat
every few packets. A simple ARP request or ICMP echo request is enough.
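
The reordering described above, shown in a simplified user-space C model. This is an added example, not the rswitch driver's code: the struct layouts, `model_xmit`, `model_tx_free`, `tx_stats` and the packet lengths are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
/* User-space stand-ins (assumptions); only skb, len, gq, skbs and dirty
 * are names taken from the CVE description. */
struct sk_buff { unsigned int len; };
struct gq_model {
    struct sk_buff **skbs;              /* one slot per TX descriptor */
    unsigned int ring_size, cur, dirty; /* cur: next fill, dirty: next reclaim */
};
struct tx_stats { unsigned long packets, bytes; };

/* Queue one constructed packet of len bytes; 0 on success, -1 on failure. */
static int model_xmit(struct gq_model *gq, unsigned int len)
{
    struct sk_buff *skb;
    if (gq->cur - gq->dirty >= gq->ring_size || !(skb = malloc(sizeof(*skb))))
        return -1;
    skb->len = len;
    gq->skbs[gq->cur++ % gq->ring_size] = skb;
    return 0;
}

/* Reclaim completed slots. skb and gq->skbs[idx] alias the same buffer, so
 * the statistics read skb->len BEFORE the free; the flawed order freed first. */
static unsigned int model_tx_free(struct gq_model *gq, struct tx_stats *st)
{
    unsigned int freed = 0;
    for (; gq->cur != gq->dirty; gq->dirty++) {
        unsigned int idx = gq->dirty % gq->ring_size;
        struct sk_buff *skb = gq->skbs[idx];
        st->packets++;
        st->bytes += skb->len;          /* last read of the buffer */
        gq->skbs[idx] = NULL;           /* drop the ring's alias */
        free(skb);                      /* stand-in for dev_kfree_skb_any() */
        freed++;
    }
    return freed;
}

int main(void)
{
    struct sk_buff *slots[4] = { 0 };
    struct gq_model gq = { slots, 4, 0, 0 };
    struct tx_stats st = { 0, 0 };
    model_xmit(&gq, 42); model_xmit(&gq, 98);   /* constructed lengths */
    model_tx_free(&gq, &st);
    printf("%lu packets, %lu bytes\n", st.packets, st.bytes);
    return 0;
}
```

Building the model with `-fsanitize=address` and swapping the `free(skb)` line above the `st->bytes` update makes the flawed ordering visible as a heap-use-after-free report, the user-space analogue of the KFENCE splat.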
