漏洞标题
网络:ll_temac:确保在完全使用skb时释放skb
漏洞描述信息
在Linux内核中,已解决以下漏洞:
net: ll_temac: 确保在完全使用skb时释放skb
通过在TX BD上携带skb指针,我们有了一种简单且高效的方法在帧已传输后释放skb缓冲区。但是,为了避免在skb中的帧片段仍在使用时释放skb,我们需要在skb的TX BD上携带,而不仅仅是第一个。
如果不这样做,在xmit_done中看到一个多TX BD包的第一个BD被视为完成时,DMA侧会发生使用后释放,而剩余的BD仍在处理中。
CVSS信息
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
漏洞类别
释放后使用
漏洞标题
net: ll_temac: Make sure to free skb when it is completely used
漏洞描述信息
In the Linux kernel, the following vulnerability has been resolved:
net: ll_temac: Make sure to free skb when it is completely used
With the skb pointer piggy-backed on the TX BD, we have a simple and
efficient way to free the skb buffer when the frame has been transmitted.
But in order to avoid freeing the skb while there are still fragments from
the skb in use, we need to piggy-back on the TX BD of the skb, not the
first.
Without this, we are doing use-after-free on the DMA side, when the first
BD of a multi TX BD packet is seen as completed in xmit_done, and the
remaining BDs are still being processed.
CVSS信息
N/A
漏洞类别
N/A
漏洞标题
Linux kernel 安全漏洞
漏洞描述信息
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在安全漏洞,该漏洞源于内存释放后重用。
CVSS信息
N/A
漏洞类别
其他