ALAS2KERNEL-5.4-2024-062 --- kernelID: oval:org.secpod.oval:def:1702217 | Date: (C)2024-05-09 (M)2024-06-13 |
Class: PATCH | Family: unix |
A flaw was found in the ATA over Ethernet driver in the Linux kernel. The aoecmd_cfg_pkts function improperly updates the refcnt on 'struct net_device', and a use-after-free can be triggered by racing between the free on the struct and the access through the 'skbtxq' global queue. This could lead to a denial of service condition or potential code execution. A Speculative Race Condition vulnerability that impacts modern CPU architectures supporting speculative execution has been disclosed. An unauthenticated attacker can exploit this vulnerability to disclose arbitrary data from the CPU using race conditions to access the speculative executable code paths. In the Linux kernel, the following vulnerability has been resolved:netfilter: nft_set_rbtree: skip end interval element from gcrbtree lazy gc on insert might collect an end interval element that hasbeen just added in this transactions, skip end interval elements thatare not yet active
Product: |
kernel |
perf |
python-perf |
bpftool |