SB20240531118 - Use-after-free in Linux kernel block aoe driver

Description

This security bulletin contains information about 1 security vulnerability.

1) Use-after-free (CVE-ID: CVE-2024-26898)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the tx() function in drivers/block/aoe/aoenet.c, within the aoecmd_cfg_pkts() function in drivers/block/aoe/aoecmd.c. A local user can escalate privileges on the system.

Remediation

Install update from vendor's website.

References

• https://git.kernel.org/stable/c/ad80c34944d7175fa1f5c7a55066020002921a99
• https://git.kernel.org/stable/c/1a54aa506b3b2f31496731039e49778f54eee881
• https://git.kernel.org/stable/c/faf0b4c5e00bb680e8e43ac936df24d3f48c8e65
• https://git.kernel.org/stable/c/7dd09fa80b0765ce68bfae92f4e2f395ccf0fba4
• https://git.kernel.org/stable/c/74ca3ef68d2f449bc848c0a814cefc487bf755fa
• https://git.kernel.org/stable/c/eb48680b0255a9e8a9bdc93d6a55b11c31262e62
• https://git.kernel.org/stable/c/079cba4f4e307c69878226fdf5228c20aa1c969c
• https://git.kernel.org/stable/c/a16fbb80064634b254520a46395e36b87ca4731e
• https://git.kernel.org/stable/c/f98364e926626c678fb4b9004b75cacf92ff0662
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.311
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.214
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.153
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.273
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.83
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.23
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.7.11
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.8.2