Hi Jens, On Wed, Mar 06, 2024 at 08:35:34AM -0700, Jens Axboe wrote: > > On Tue, 05 Mar 2024 16:20:48 +0800, Lee, Chun-Yi wrote: > > This patch is against CVE-2023-6270. The description of cve is: > > > > A flaw was found in the ATA over Ethernet (AoE) driver in the Linux > > kernel. The aoecmd_cfg_pkts() function improperly updates the refcnt on > > `struct net_device`, and a use-after-free can be triggered by racing > > between the free on the struct and the access through the `skbtxq` > > global queue. This could lead to a denial of service condition or > > potential code execution. > > > > [...] > > Applied, thanks! > > [1/1] aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts > commit: f98364e926626c678fb4b9004b75cacf92ff0662 > Thanks for your review! Joey Lee
