CVE-2023-54310
scsi: message: mptlan: Fix use after free bug in mptlan_remove() due to race condition
In the Linux kernel, the following vulnerability has been resolved:
scsi: message: mptlan: Fix use after free bug in mptlan_remove() due to race condition
mptlan_probe() calls mpt_register_lan_device() which initializes the
&priv->post_buckets_task workqueue. A call to
mpt_lan_wake_post_buckets_task() will subsequently start the work.
During driver unload in mptlan_remove() the following race may occur:
CPU0 CPU1
|mpt_lan_post_receive_buckets_work()
mptlan_remove() |
free_netdev() |
kfree(dev); |
|
| dev->mtu
| //use
Fix this by finishing the work prior to cleaning up in mptlan_remove().
[mkp: we really should remove mptlan instead of attempting to fix it]
Productos afectados
Linux · Linux¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →Referencias
https://git.kernel.org/stable/c/410e610a96c52a7b41e2ab6c9ca60868d9aceccehttps://git.kernel.org/stable/c/48daa4a3015d859ee424948844ce3c12f2fe44e6https://git.kernel.org/stable/c/60c8645ad6f5b722615383d595d63b62b07a13c3https://git.kernel.org/stable/c/697f92f8317e538d8409a0c95d6370eb40b34c05https://git.kernel.org/stable/c/92f869693d84e813895ff4d25363744575515423https://git.kernel.org/stable/c/9c6da3b7f12528cd52c458b33496a098b838fcfchttps://git.kernel.org/stable/c/e84282efc87f2414839f6e15c31b4daa34ebaac1https://git.kernel.org/stable/c/f486893288f3e9b171b836f43853a6426515d800