A flaw was found in the ATA over Ethernet (AoE) driver in the Linux kernel. The aoecmd_cfg_pkts() function improperly updates the refcnt on `struct net_device`, and a use-after-free can be triggered by racing between the free on the struct and the access through the `skbtxq` global queue. This could lead to a denial of service condition or potential code execution.
Fixes

Solution

No solution given by the vendor.


Workaround

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

History

Sat, 30 Aug 2025 09:45:00 +0000


Thu, 22 May 2025 20:00:00 +0000

Type Values Removed Values Added
First Time appeared Debian
Debian debian Linux
CPEs cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
Vendors & Products Debian
Debian debian Linux

Thu, 22 May 2025 18:45:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Mon, 14 Apr 2025 19:15:00 +0000


Tue, 22 Oct 2024 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2025-08-30T08:10:54.757Z

Reserved: 2023-11-23T14:31:28.637Z

Link: CVE-2023-6270

cve-icon Vulnrichment

Updated: 2024-08-02T08:28:20.376Z

cve-icon NVD

Status : Modified

Published: 2024-01-04T17:15:08.803

Modified: 2025-08-30T09:15:31.117

Link: CVE-2023-6270

cve-icon Redhat

Severity : Moderate

Publid Date: 2024-01-04T00:00:00Z

Links: CVE-2023-6270 - Bugzilla

cve-icon OpenCVE Enrichment

No data.