A subtle but serious race-condition bug in the Linux kernel’s ATA over Ethernet (AoE) driver—tracked as CVE-2024-26898—has been fixed after researchers found a premature release of a network device reference that can produce a use-after-free condition. The flaw lives inside the aoecmd_cfg_pkts()...
