AZL-40454

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-40454.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-40454

Upstream

CVE-2024-27000

Published

2024-05-01T06:15:18Z

Modified

2026-04-01T05:14:02.067317Z

Summary

CVE-2024-27000 affecting package hyperv-daemons for versions less than 5.15.158.1-1

Details

In the Linux kernel, the following vulnerability has been resolved:

serial: mxs-auart: add spinlock around changing cts state

The uarthandlectschange() function in serialcore expects the caller to hold uport->lock. For example, I have seen the below kernel splat, when the Bluetooth driver is loaded on an i.MX28 board.

[   85.119255] ------------[ cut here ]------------
[   85.124413] WARNING: CPU: 0 PID: 27 at /drivers/tty/serial/serial_core.c:3453 uart_handle_cts_change+0xb4/0xec
[   85.134694] Modules linked in: hci_uart bluetooth ecdh_generic ecc wlcore_sdio configfs
[   85.143314] CPU: 0 PID: 27 Comm: kworker/u3:0 Not tainted 6.6.3-00021-gd62a2f068f92 #1
[   85.151396] Hardware name: Freescale MXS (Device Tree)
[   85.156679] Workqueue: hci0 hci_power_on [bluetooth]
(...)
[   85.191765]  uart_handle_cts_change from mxs_auart_irq_handle+0x380/0x3f4
[   85.198787]  mxs_auart_irq_handle from __handle_irq_event_percpu+0x88/0x210
(...)

References

https://nvd.nist.gov/vuln/detail/CVE-2024-27000

Affected packages

Azure Linux:2 / hyperv-daemons

Package

Name: hyperv-daemons
Purl: pkg:rpm/azure-linux/hyperv-daemons

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.15.158.1-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-40454.json"