Oracle Linux: CVE-2024-41046: ELSA-2024-12610: Unbreakable Enterprise kernel security update (IMPORTANT) (Multiple Advisories)
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
7 | (AV:L/AC:L/Au:S/C:C/I:C/A:C) | 2024-07-29 | 2024-10-16 | 2025-01-23 |
Description
In the Linux kernel, the following vulnerability has been resolved:
net: ethernet: lantiq_etop: fix double free in detach
The number of the currently released descriptor is never incremented
which results in the same skb being released multiple times.
A vulnerability was found in the Linux kernel where the Lantiq Ethernet driver could cause a double-free error due to improper handling of network packet descriptors. This issue occurs because the counter tracking released descriptors is not incremented correctly, leading to the same network packet buffer being released multiple times. This flaw can result in memory corruption, causing unexpected behavior, system crashes, or even creating opportunities for attackers to exploit the system.
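The defect class described above, modelled in user-space C as an added example; this is not the lantiq_etop driver's code. All names, the ring size and the loop shape of the "before" function are assumptions made for illustration, and the release call only counts, so the repeated release can be measured safely.

```c
#include <stdio.h>

#define DESC_NUM 4                      /* constructed ring size for the model */
struct buf { int released; };           /* stand-in for an skb: counts releases */
struct channel {
    int desc;                           /* index of the current descriptor */
    struct buf *slot[DESC_NUM];         /* one buffer per descriptor */
};

/* Stand-in for the kernel's free call. It only counts, so a repeated */
/* release is observable here instead of corrupting the allocator.    */
static void release_buf(struct buf *b) { b->released++; }

/* Before (assumed shape): the loop runs DESC_NUM times, but the index */
/* that selects the buffer never advances, so one buffer is hit each pass. */
static void teardown_buggy(struct channel *ch) {
    for (int i = 0; i < DESC_NUM; i++)
        release_buf(ch->slot[ch->desc]);
}

/* After: the descriptor index itself is the loop counter. */
static void teardown_fixed(struct channel *ch) {
    for (ch->desc = 0; ch->desc < DESC_NUM; ch->desc++)
        release_buf(ch->slot[ch->desc]);
}

/* Runs one teardown on a fresh channel. Reports the highest release count */
/* (>1 means double free) and never-released buffers; returns released-once. */
static int run_model(int use_fix, int *max_released, int *leaked) {
    struct buf pool[DESC_NUM] = {{0}};
    struct channel ch = { .desc = 0 };
    int once = 0;
    for (int i = 0; i < DESC_NUM; i++) ch.slot[i] = &pool[i];
    if (use_fix) teardown_fixed(&ch); else teardown_buggy(&ch);
    *max_released = *leaked = 0;
    for (int i = 0; i < DESC_NUM; i++) {
        if (pool[i].released > *max_released) *max_released = pool[i].released;
        if (pool[i].released == 0) (*leaked)++;
        if (pool[i].released == 1) once++;
    }
    return once;
}

int main(void) {
    int max, leaked, once = run_model(0, &max, &leaked);
    printf("buggy: once=%d max=%d leaked=%d\n", once, max, leaked);
    once = run_model(1, &max, &leaked);
    printf("fixed: once=%d max=%d leaked=%d\n", once, max, leaked);
}
```

In this model the unadvanced index also leaves the remaining buffers unreleased, which is why teardown paths are worth auditing for both a release count above one and a release count of zero.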
Solution
oracle-linux-upgrade-kernel-uek
