6134 – [ANCK 4.19] net: qcom/emac: Fix use after free bug in emac_remove due to race condition

Bug 6134 - [ANCK 4.19] net: qcom/emac: Fix use after free bug in emac_remove due to race condition

Summary: [ANCK 4.19] net: qcom/emac: Fix use after free bug in emac_remove due to race...

Status:	NEW

Alias:	None

Product:	ANCK 4.19 Dev
Classification:	ANCK
Component:	drivers (show other bugs)	drivers
Sub Component:
Version:	unspecified
Hardware:	x86_64 Linux

Importance:	P3-Medium S3-normal
Target Milestone:	---
Assignee:	maqiao_mq
QA Contact:	shuming

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2023-08-08 14:53 UTC by Zh_hhhhh
Modified:	2023-09-11 10:02 UTC (History)
CC List:	2 users (show)

See Also:

Attachments
Vulnerability details (29.73 KB, image/png) 2023-08-08 14:53 UTC, Zh_hhhhh	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Zh_hhhhh cmss_group

2023-08-08 14:53:35 UTC

Created attachment 867 [details]
Vulnerability details

Description of problem:

Scanning for vulnerabilities during use，

CVE-2023-2483

The vulnerability allows an attacker to perform a denial of service (DoS) attack. The vulnerability exists due to competitive conditions in Qualcomm EMAC Gigabit Ethernet controllers. An attacker with physical access to the system can remove devices before calling cleanup in the emac_remove() function, triggering post-release usage errors and crashing the kernel.

Comment 1 小龙 admin

2023-08-08 15:23:58 UTC

The PR Link: https://gitee.com/anolis/cloud-kernel/pulls/2026

Comment 2 小龙 admin

2023-08-08 17:32:56 UTC

The PR Link: https://gitee.com/anolis/cloud-kernel/pulls/2032

Comment 3 小龙 admin

2023-09-11 10:02:47 UTC

The PR Link: https://gitee.com/anolis/cloud-kernel/pulls/2163