{"api_version":"1","generated_at":"2026-05-12T18:11:29+00:00","cve":"CVE-2024-26898","urls":{"html":"https://cve.report/CVE-2024-26898","api":"https://cve.report/api/cve/CVE-2024-26898.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2024-26898","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2024-26898"},"summary":{"title":"aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts","description":"In the Linux kernel, the following vulnerability has been resolved:\n\naoe: fix the potential use-after-free problem in aoecmd_cfg_pkts\n\nThis patch is against CVE-2023-6270. The description of cve is:\n\n  A flaw was found in the ATA over Ethernet (AoE) driver in the Linux\n  kernel. The aoecmd_cfg_pkts() function improperly updates the refcnt on\n  `struct net_device`, and a use-after-free can be triggered by racing\n  between the free on the struct and the access through the `skbtxq`\n  global queue. This could lead to a denial of service condition or\n  potential code execution.\n\nIn aoecmd_cfg_pkts(), it always calls dev_put(ifp) when skb initial\ncode is finished. But the net_device ifp will still be used in\nlater tx()->dev_queue_xmit() in kthread. Which means that the\ndev_put(ifp) should NOT be called in the success path of skb\ninitial code in aoecmd_cfg_pkts(). Otherwise tx() may run into\nuse-after-free because the net_device is freed.\n\nThis patch removed the dev_put(ifp) in the success path in\naoecmd_cfg_pkts(), and added dev_put() after skb xmit in tx().","state":"PUBLISHED","assigner":"Linux","published_at":"2024-04-17 11:15:10","updated_at":"2026-05-12 12:16:25"},"problem_types":["CWE-416","CWE-416 CWE-416 Use After Free"],"metrics":[{"version":"3.1","source":"nvd@nist.gov","type":"Primary","score":"7.8","severity":"HIGH","vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}},{"version":"3.1","source":"ADP","type":"DECLARED","score":"7","severity":"HIGH","vector":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","data":{"attackComplexity":"HIGH","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":7,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"}},{"version":"3.1","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","score":"7","severity":"HIGH","vector":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}}],"references":[{"url":"https://cert-portal.siemens.com/productcert/html/ssa-398330.html","name":"https://cert-portal.siemens.com/productcert/html/ssa-398330.html","refsource":"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/7dd09fa80b0765ce68bfae92f4e2f395ccf0fba4","name":"https://git.kernel.org/stable/c/7dd09fa80b0765ce68bfae92f4e2f395ccf0fba4","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/74ca3ef68d2f449bc848c0a814cefc487bf755fa","name":"https://git.kernel.org/stable/c/74ca3ef68d2f449bc848c0a814cefc487bf755fa","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/f98364e926626c678fb4b9004b75cacf92ff0662","name":"https://git.kernel.org/stable/c/f98364e926626c678fb4b9004b75cacf92ff0662","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html","name":"https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/079cba4f4e307c69878226fdf5228c20aa1c969c","name":"https://git.kernel.org/stable/c/079cba4f4e307c69878226fdf5228c20aa1c969c","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/eb48680b0255a9e8a9bdc93d6a55b11c31262e62","name":"https://git.kernel.org/stable/c/eb48680b0255a9e8a9bdc93d6a55b11c31262e62","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://cert-portal.siemens.com/productcert/html/ssa-265688.html","name":"https://cert-portal.siemens.com/productcert/html/ssa-265688.html","refsource":"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/1a54aa506b3b2f31496731039e49778f54eee881","name":"https://git.kernel.org/stable/c/1a54aa506b3b2f31496731039e49778f54eee881","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/faf0b4c5e00bb680e8e43ac936df24d3f48c8e65","name":"https://git.kernel.org/stable/c/faf0b4c5e00bb680e8e43ac936df24d3f48c8e65","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/a16fbb80064634b254520a46395e36b87ca4731e","name":"https://git.kernel.org/stable/c/a16fbb80064634b254520a46395e36b87ca4731e","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html","name":"https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/ad80c34944d7175fa1f5c7a55066020002921a99","name":"https://git.kernel.org/stable/c/ad80c34944d7175fa1f5c7a55066020002921a99","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2024-26898","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-26898","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 7562f876cd93800f2f8c89445f2a563590b24e09 ad80c34944d7175fa1f5c7a55066020002921a99 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 7562f876cd93800f2f8c89445f2a563590b24e09 1a54aa506b3b2f31496731039e49778f54eee881 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 7562f876cd93800f2f8c89445f2a563590b24e09 faf0b4c5e00bb680e8e43ac936df24d3f48c8e65 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 7562f876cd93800f2f8c89445f2a563590b24e09 7dd09fa80b0765ce68bfae92f4e2f395ccf0fba4 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 7562f876cd93800f2f8c89445f2a563590b24e09 74ca3ef68d2f449bc848c0a814cefc487bf755fa git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 7562f876cd93800f2f8c89445f2a563590b24e09 eb48680b0255a9e8a9bdc93d6a55b11c31262e62 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 7562f876cd93800f2f8c89445f2a563590b24e09 079cba4f4e307c69878226fdf5228c20aa1c969c git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 7562f876cd93800f2f8c89445f2a563590b24e09 a16fbb80064634b254520a46395e36b87ca4731e git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 7562f876cd93800f2f8c89445f2a563590b24e09 f98364e926626c678fb4b9004b75cacf92ff0662 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 2.6.22","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 2.6.22 semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 4.19.311 4.19.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 5.4.273 5.4.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 5.10.214 5.10.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 5.15.153 5.15.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.1.83 6.1.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.6.23 6.6.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.7.11 6.7.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.8.2 6.8.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.9 * original_commit_for_fix","platforms":[]},{"source":"ADP","vendor":"linux","product":"linux_kernel","version":"affected 2.6.22","platforms":[]},{"source":"ADP","vendor":"linux","product":"linux_kernel","version":"affected 7562f876cd93 ad80c34944d7 git","platforms":[]},{"source":"ADP","vendor":"linux","product":"linux_kernel","version":"affected 7562f876cd93 1a54aa506b3b git","platforms":[]},{"source":"ADP","vendor":"linux","product":"linux_kernel","version":"affected 7562f876cd93 faf0b4c5e00b git","platforms":[]},{"source":"ADP","vendor":"linux","product":"linux_kernel","version":"affected 7562f876cd93 7dd09fa80b07 git","platforms":[]},{"source":"ADP","vendor":"linux","product":"linux_kernel","version":"affected 7562f876cd93 74ca3ef68d2f git","platforms":[]},{"source":"ADP","vendor":"linux","product":"linux_kernel","version":"affected 7562f876cd93 eb48680b0255 git","platforms":[]},{"source":"ADP","vendor":"linux","product":"linux_kernel","version":"affected 7562f876cd93 079cba4f4e30 git","platforms":[]},{"source":"ADP","vendor":"linux","product":"linux_kernel","version":"affected 7562f876cd93 a16fbb800646 git","platforms":[]},{"source":"ADP","vendor":"linux","product":"linux_kernel","version":"affected 7562f876cd93 f98364e92662 git","platforms":[]},{"source":"ADP","vendor":"Siemens","product":"SIMATIC S7-1500 TM MFP - GNU/Linux subsystem","version":"affected * custom","platforms":[]},{"source":"ADP","vendor":"Siemens","product":"SIMATIC S7-1500 CPU 1518-4 PN/DP MFP","version":"affected V3.1.0 V3.1.5 custom","platforms":[]},{"source":"ADP","vendor":"Siemens","product":"SIMATIC S7-1500 CPU 1518-4 PN/DP MFP","version":"affected V3.1.0 V3.1.5 custom","platforms":[]},{"source":"ADP","vendor":"Siemens","product":"SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP","version":"affected V3.1.0 V3.1.5 custom","platforms":[]},{"source":"ADP","vendor":"Siemens","product":"SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP","version":"affected V3.1.0 V3.1.5 custom","platforms":[]},{"source":"ADP","vendor":"Siemens","product":"SIPLUS S7-1500 CPU 1518-4 PN/DP MFP","version":"affected V3.1.0 V3.1.5 custom","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2024","cve_id":"26898","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"linux","cpe5":"linux_kernel","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"affected":[{"cpes":["cpe:2.3:o:linux:linux_kernel:2.6.22:-:*:*:*:*:*:*"],"defaultStatus":"affected","product":"linux_kernel","vendor":"linux","versions":[{"status":"affected","version":"2.6.22"}]},{"cpes":["cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"],"defaultStatus":"unaffected","product":"linux_kernel","vendor":"linux","versions":[{"lessThan":"ad80c34944d7","status":"affected","version":"7562f876cd93","versionType":"git"},{"lessThan":"1a54aa506b3b","status":"affected","version":"7562f876cd93","versionType":"git"},{"lessThan":"faf0b4c5e00b","status":"affected","version":"7562f876cd93","versionType":"git"},{"lessThan":"7dd09fa80b07","status":"affected","version":"7562f876cd93","versionType":"git"},{"lessThan":"74ca3ef68d2f","status":"affected","version":"7562f876cd93","versionType":"git"},{"lessThan":"eb48680b0255","status":"affected","version":"7562f876cd93","versionType":"git"},{"lessThan":"079cba4f4e30","status":"affected","version":"7562f876cd93","versionType":"git"},{"lessThan":"a16fbb800646","status":"affected","version":"7562f876cd93","versionType":"git"},{"lessThan":"f98364e92662","status":"affected","version":"7562f876cd93","versionType":"git"}]}],"metrics":[{"cvssV3_1":{"attackComplexity":"HIGH","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":7,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"}},{"other":{"content":{"id":"CVE-2024-26898","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","timestamp":"2024-06-12T16:22:28.091007Z","version":"2.0.3"},"type":"ssvc"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-416","description":"CWE-416 Use After Free","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2024-07-22T14:55:25.413Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"},{"providerMetadata":{"dateUpdated":"2024-08-02T00:21:05.475Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"tags":["x_transferred"],"url":"https://git.kernel.org/stable/c/ad80c34944d7175fa1f5c7a55066020002921a99"},{"tags":["x_transferred"],"url":"https://git.kernel.org/stable/c/1a54aa506b3b2f31496731039e49778f54eee881"},{"tags":["x_transferred"],"url":"https://git.kernel.org/stable/c/faf0b4c5e00bb680e8e43ac936df24d3f48c8e65"},{"tags":["x_transferred"],"url":"https://git.kernel.org/stable/c/7dd09fa80b0765ce68bfae92f4e2f395ccf0fba4"},{"tags":["x_transferred"],"url":"https://git.kernel.org/stable/c/74ca3ef68d2f449bc848c0a814cefc487bf755fa"},{"tags":["x_transferred"],"url":"https://git.kernel.org/stable/c/eb48680b0255a9e8a9bdc93d6a55b11c31262e62"},{"tags":["x_transferred"],"url":"https://git.kernel.org/stable/c/079cba4f4e307c69878226fdf5228c20aa1c969c"},{"tags":["x_transferred"],"url":"https://git.kernel.org/stable/c/a16fbb80064634b254520a46395e36b87ca4731e"},{"tags":["x_transferred"],"url":"https://git.kernel.org/stable/c/f98364e926626c678fb4b9004b75cacf92ff0662"},{"tags":["x_transferred"],"url":"https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"},{"tags":["x_transferred"],"url":"https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"}],"title":"CVE Program Container"},{"affected":[{"defaultStatus":"unknown","product":"SIMATIC S7-1500 TM MFP - GNU/Linux subsystem","vendor":"Siemens","versions":[{"lessThan":"*","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unknown","product":"SIMATIC S7-1500 CPU 1518-4 PN/DP MFP","vendor":"Siemens","versions":[{"lessThan":"V3.1.5","status":"affected","version":"V3.1.0","versionType":"custom"}]},{"defaultStatus":"unknown","product":"SIMATIC S7-1500 CPU 1518-4 PN/DP MFP","vendor":"Siemens","versions":[{"lessThan":"V3.1.5","status":"affected","version":"V3.1.0","versionType":"custom"}]},{"defaultStatus":"unknown","product":"SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP","vendor":"Siemens","versions":[{"lessThan":"V3.1.5","status":"affected","version":"V3.1.0","versionType":"custom"}]},{"defaultStatus":"unknown","product":"SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP","vendor":"Siemens","versions":[{"lessThan":"V3.1.5","status":"affected","version":"V3.1.0","versionType":"custom"}]},{"defaultStatus":"unknown","product":"SIPLUS S7-1500 CPU 1518-4 PN/DP MFP","vendor":"Siemens","versions":[{"lessThan":"V3.1.5","status":"affected","version":"V3.1.0","versionType":"custom"}]}],"providerMetadata":{"dateUpdated":"2026-05-12T11:50:22.149Z","orgId":"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e","shortName":"siemens-SADP"},"references":[{"url":"https://cert-portal.siemens.com/productcert/html/ssa-398330.html"},{"url":"https://cert-portal.siemens.com/productcert/html/ssa-265688.html"}],"x_adpType":"supplier"}],"cna":{"affected":[{"defaultStatus":"unaffected","product":"Linux","programFiles":["drivers/block/aoe/aoecmd.c","drivers/block/aoe/aoenet.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","vendor":"Linux","versions":[{"lessThan":"ad80c34944d7175fa1f5c7a55066020002921a99","status":"affected","version":"7562f876cd93800f2f8c89445f2a563590b24e09","versionType":"git"},{"lessThan":"1a54aa506b3b2f31496731039e49778f54eee881","status":"affected","version":"7562f876cd93800f2f8c89445f2a563590b24e09","versionType":"git"},{"lessThan":"faf0b4c5e00bb680e8e43ac936df24d3f48c8e65","status":"affected","version":"7562f876cd93800f2f8c89445f2a563590b24e09","versionType":"git"},{"lessThan":"7dd09fa80b0765ce68bfae92f4e2f395ccf0fba4","status":"affected","version":"7562f876cd93800f2f8c89445f2a563590b24e09","versionType":"git"},{"lessThan":"74ca3ef68d2f449bc848c0a814cefc487bf755fa","status":"affected","version":"7562f876cd93800f2f8c89445f2a563590b24e09","versionType":"git"},{"lessThan":"eb48680b0255a9e8a9bdc93d6a55b11c31262e62","status":"affected","version":"7562f876cd93800f2f8c89445f2a563590b24e09","versionType":"git"},{"lessThan":"079cba4f4e307c69878226fdf5228c20aa1c969c","status":"affected","version":"7562f876cd93800f2f8c89445f2a563590b24e09","versionType":"git"},{"lessThan":"a16fbb80064634b254520a46395e36b87ca4731e","status":"affected","version":"7562f876cd93800f2f8c89445f2a563590b24e09","versionType":"git"},{"lessThan":"f98364e926626c678fb4b9004b75cacf92ff0662","status":"affected","version":"7562f876cd93800f2f8c89445f2a563590b24e09","versionType":"git"}]},{"defaultStatus":"affected","product":"Linux","programFiles":["drivers/block/aoe/aoecmd.c","drivers/block/aoe/aoenet.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","vendor":"Linux","versions":[{"status":"affected","version":"2.6.22"},{"lessThan":"2.6.22","status":"unaffected","version":"0","versionType":"semver"},{"lessThanOrEqual":"4.19.*","status":"unaffected","version":"4.19.311","versionType":"semver"},{"lessThanOrEqual":"5.4.*","status":"unaffected","version":"5.4.273","versionType":"semver"},{"lessThanOrEqual":"5.10.*","status":"unaffected","version":"5.10.214","versionType":"semver"},{"lessThanOrEqual":"5.15.*","status":"unaffected","version":"5.15.153","versionType":"semver"},{"lessThanOrEqual":"6.1.*","status":"unaffected","version":"6.1.83","versionType":"semver"},{"lessThanOrEqual":"6.6.*","status":"unaffected","version":"6.6.23","versionType":"semver"},{"lessThanOrEqual":"6.7.*","status":"unaffected","version":"6.7.11","versionType":"semver"},{"lessThanOrEqual":"6.8.*","status":"unaffected","version":"6.8.2","versionType":"semver"},{"lessThanOrEqual":"*","status":"unaffected","version":"6.9","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"cpeMatch":[{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"4.19.311","versionStartIncluding":"2.6.22","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"5.4.273","versionStartIncluding":"2.6.22","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"5.10.214","versionStartIncluding":"2.6.22","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"5.15.153","versionStartIncluding":"2.6.22","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.1.83","versionStartIncluding":"2.6.22","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.6.23","versionStartIncluding":"2.6.22","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.7.11","versionStartIncluding":"2.6.22","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.8.2","versionStartIncluding":"2.6.22","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.9","versionStartIncluding":"2.6.22","vulnerable":true}],"negate":false,"operator":"OR"}]}],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\naoe: fix the potential use-after-free problem in aoecmd_cfg_pkts\n\nThis patch is against CVE-2023-6270. The description of cve is:\n\n  A flaw was found in the ATA over Ethernet (AoE) driver in the Linux\n  kernel. The aoecmd_cfg_pkts() function improperly updates the refcnt on\n  `struct net_device`, and a use-after-free can be triggered by racing\n  between the free on the struct and the access through the `skbtxq`\n  global queue. This could lead to a denial of service condition or\n  potential code execution.\n\nIn aoecmd_cfg_pkts(), it always calls dev_put(ifp) when skb initial\ncode is finished. But the net_device ifp will still be used in\nlater tx()->dev_queue_xmit() in kthread. Which means that the\ndev_put(ifp) should NOT be called in the success path of skb\ninitial code in aoecmd_cfg_pkts(). Otherwise tx() may run into\nuse-after-free because the net_device is freed.\n\nThis patch removed the dev_put(ifp) in the success path in\naoecmd_cfg_pkts(), and added dev_put() after skb xmit in tx()."}],"providerMetadata":{"dateUpdated":"2026-05-11T20:06:33.344Z","orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux"},"references":[{"url":"https://git.kernel.org/stable/c/ad80c34944d7175fa1f5c7a55066020002921a99"},{"url":"https://git.kernel.org/stable/c/1a54aa506b3b2f31496731039e49778f54eee881"},{"url":"https://git.kernel.org/stable/c/faf0b4c5e00bb680e8e43ac936df24d3f48c8e65"},{"url":"https://git.kernel.org/stable/c/7dd09fa80b0765ce68bfae92f4e2f395ccf0fba4"},{"url":"https://git.kernel.org/stable/c/74ca3ef68d2f449bc848c0a814cefc487bf755fa"},{"url":"https://git.kernel.org/stable/c/eb48680b0255a9e8a9bdc93d6a55b11c31262e62"},{"url":"https://git.kernel.org/stable/c/079cba4f4e307c69878226fdf5228c20aa1c969c"},{"url":"https://git.kernel.org/stable/c/a16fbb80064634b254520a46395e36b87ca4731e"},{"url":"https://git.kernel.org/stable/c/f98364e926626c678fb4b9004b75cacf92ff0662"}],"title":"aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts","x_generator":{"engine":"bippy-1.2.0"}}},"cveMetadata":{"assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","assignerShortName":"Linux","cveId":"CVE-2024-26898","datePublished":"2024-04-17T10:27:48.466Z","dateReserved":"2024-02-19T14:20:24.186Z","dateUpdated":"2026-05-12T11:50:22.149Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2024-04-17 11:15:10","lastModifiedDate":"2026-05-12 12:16:25","problem_types":["CWE-416","CWE-416 CWE-416 Use After Free"],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1,"impactScore":5.9}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.22","versionEndExcluding":"4.19.311","matchCriteriaId":"0C11EA91-49A5-48C2-88DC-31A895CF5BA4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.20","versionEndExcluding":"5.4.273","matchCriteriaId":"620FD8B7-BF03-43E0-951A-0A58461D4C55"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.5","versionEndExcluding":"5.10.214","matchCriteriaId":"65987874-467B-4D3B-91D6-68A129B34FB8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.153","matchCriteriaId":"ACB69438-845D-4E3C-B114-3140611F9C0B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.83","matchCriteriaId":"121A07F6-F505-4C47-86BF-9BB6CC7B6C19"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.23","matchCriteriaId":"E00814DC-0BA7-431A-9926-80FEB4A96C68"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.7.11","matchCriteriaId":"9B95D3A6-E162-47D5-ABFC-F3FA74FA7CFD"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.8","versionEndExcluding":"6.8.2","matchCriteriaId":"543A75FF-25B8-4046-A514-1EA8EDD87AB1"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2024","CveId":"26898","Ordinal":"1","Title":"aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts","CVE":"CVE-2024-26898","Year":"2024"},"notes":[{"CveYear":"2024","CveId":"26898","Ordinal":"1","NoteData":"In the Linux kernel, the following vulnerability has been resolved:\n\naoe: fix the potential use-after-free problem in aoecmd_cfg_pkts\n\nThis patch is against CVE-2023-6270. The description of cve is:\n\n  A flaw was found in the ATA over Ethernet (AoE) driver in the Linux\n  kernel. The aoecmd_cfg_pkts() function improperly updates the refcnt on\n  `struct net_device`, and a use-after-free can be triggered by racing\n  between the free on the struct and the access through the `skbtxq`\n  global queue. This could lead to a denial of service condition or\n  potential code execution.\n\nIn aoecmd_cfg_pkts(), it always calls dev_put(ifp) when skb initial\ncode is finished. But the net_device ifp will still be used in\nlater tx()->dev_queue_xmit() in kthread. Which means that the\ndev_put(ifp) should NOT be called in the success path of skb\ninitial code in aoecmd_cfg_pkts(). Otherwise tx() may run into\nuse-after-free because the net_device is freed.\n\nThis patch removed the dev_put(ifp) in the success path in\naoecmd_cfg_pkts(), and added dev_put() after skb xmit in tx().","Type":"Description","Title":"aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts"}]}}}