{"id":"CVE-2024-47747","summary":"net: seeq: Fix use after free vulnerability in ether3 Driver Due to Race Condition","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: seeq: Fix use after free vulnerability in ether3 Driver Due to Race Condition\n\nIn the ether3_probe function, a timer is initialized with a callback\nfunction ether3_ledoff, bound to &prev(dev)-\u003etimer. Once the timer is\nstarted, there is a risk of a race condition if the module or device\nis removed, triggering the ether3_remove function to perform cleanup.\nThe sequence of operations that may lead to a UAF bug is as follows:\n\nCPU0                                    CPU1\n\n                      |  ether3_ledoff\nether3_remove         |\n  free_netdev(dev);   |\n  put_devic           |\n  kfree(dev);         |\n |  ether3_outw(priv(dev)-\u003eregs.config2 |= CFG2_CTRLO, REG_CONFIG2);\n                      | // use dev\n\nFix it by ensuring that the timer is canceled before proceeding with\nthe cleanup in ether3_remove.","modified":"2026-03-20T12:39:14.664342Z","published":"2024-10-21T12:14:13.783Z","related":["MGASA-2024-0344","MGASA-2024-0345","SUSE-SU-2024:3983-1","SUSE-SU-2024:3984-1","SUSE-SU-2024:3985-1","SUSE-SU-2024:3986-1","SUSE-SU-2024:4081-1","SUSE-SU-2024:4082-1","SUSE-SU-2024:4103-1","SUSE-SU-2024:4131-1","SUSE-SU-2024:4140-1","SUSE-SU-2024:4318-1","SUSE-SU-2024:4364-1","SUSE-SU-2024:4387-1","SUSE-SU-2025:20163-1","SUSE-SU-2025:20164-1","SUSE-SU-2025:20246-1","SUSE-SU-2025:20247-1","USN-7276-1","USN-7277-1","openSUSE-SU-2024:14500-1","openSUSE-SU-2025:14705-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/47xxx/CVE-2024-47747.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/1c57d61a43293252ad732007c7070fdb112545fd"},{"type":"WEB","url":"https://git.kernel.org/stable/c/25d559ed2beec9b34045886100dac46d1ad92eba"},{"type":"WEB","url":"https://git.kernel.org/stable/c/338a0582b28e69460df03af50e938b86b4206353"},{"type":"WEB","url":"https://git.kernel.org/stable/c/516dbc6d16637430808c39568cbb6b841d32b55b"},{"type":"WEB","url":"https://git.kernel.org/stable/c/77a77331cef0a219b8dd91361435eeef04cb741c"},{"type":"WEB","url":"https://git.kernel.org/stable/c/822c7bb1f6f8b0331e8d1927151faf8db3b33afd"},{"type":"WEB","url":"https://git.kernel.org/stable/c/b5109b60ee4fcb2f2bb24f589575e10cc5283ad4"},{"type":"WEB","url":"https://git.kernel.org/stable/c/b5a84b6c772564c8359a9a0fbaeb2a2944aa1ee9"},{"type":"WEB","url":"https://git.kernel.org/stable/c/d2abc379071881798d20e2ac1d332ad855ae22f3"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/47xxx/CVE-2024-47747.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-47747"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"6fd9c53f71862a4797b7ed8a5de80e2c64829f56"},{"fixed":"25d559ed2beec9b34045886100dac46d1ad92eba"},{"fixed":"b5a84b6c772564c8359a9a0fbaeb2a2944aa1ee9"},{"fixed":"338a0582b28e69460df03af50e938b86b4206353"},{"fixed":"822c7bb1f6f8b0331e8d1927151faf8db3b33afd"},{"fixed":"1c57d61a43293252ad732007c7070fdb112545fd"},{"fixed":"d2abc379071881798d20e2ac1d332ad855ae22f3"},{"fixed":"516dbc6d16637430808c39568cbb6b841d32b55b"},{"fixed":"77a77331cef0a219b8dd91361435eeef04cb741c"},{"fixed":"b5109b60ee4fcb2f2bb24f589575e10cc5283ad4"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-47747.json"}}],"schema_version":"1.7.5"}