{"id":"CVE-2024-42108","summary":"net: rswitch: Avoid use-after-free in rswitch_poll()","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: rswitch: Avoid use-after-free in rswitch_poll()\n\nThe use-after-free is actually in rswitch_tx_free(), which is inlined in\nrswitch_poll(). Since `skb` and `gq-\u003eskbs[gq-\u003edirty]` are in fact the\nsame pointer, the skb is first freed using dev_kfree_skb_any(), then the\nvalue in skb-\u003elen is used to update the interface statistics.\n\nLet's move around the instructions to use skb-\u003elen before the skb is\nfreed.\n\nThis bug is trivial to reproduce using KFENCE. It will trigger a splat\nevery few packets. A simple ARP request or ICMP echo request is enough.","modified":"2026-04-02T12:17:48.508935Z","published":"2024-07-30T07:46:03.517Z","database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/42xxx/CVE-2024-42108.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/4a41bb9f2b402469d425a1c13359d3b3ea4e6403"},{"type":"WEB","url":"https://git.kernel.org/stable/c/92cbbe7759193e3418f38d0d73f8fe125312c58b"},{"type":"WEB","url":"https://git.kernel.org/stable/c/9a0c28efeec6383ef22e97437616b920e7320b67"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/42xxx/CVE-2024-42108.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-42108"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"0aeec4bb6a9fc963932bf3c929bdf27d835d44e9"},{"fixed":"4a41bb9f2b402469d425a1c13359d3b3ea4e6403"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"271e015b91535dd87fd0f5df0cc3b906c2eddef9"},{"fixed":"92cbbe7759193e3418f38d0d73f8fe125312c58b"},{"fixed":"9a0c28efeec6383ef22e97437616b920e7320b67"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-42108.json"}}],"schema_version":"1.7.5"}