AZL-42153

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-42153.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-42153

Upstream

CVE-2024-35848

Published

2024-05-17T15:15:21Z

Modified

2026-04-01T05:14:43.334274Z

Summary

CVE-2024-35848 affecting package hyperv-daemons for versions less than 5.15.160.1-1

Details

In the Linux kernel, the following vulnerability has been resolved:

eeprom: at24: fix memory corruption race condition

If the eeprom is not accessible, an nvmem device will be registered, the read will fail, and the device will be torn down. If another driver accesses the nvmem device after the teardown, it will reference invalid memory.

Move the failure point before registering the nvmem device.

References

https://nvd.nist.gov/vuln/detail/CVE-2024-35848

Affected packages

Azure Linux:2 / hyperv-daemons

Package

Name: hyperv-daemons
Purl: pkg:rpm/azure-linux/hyperv-daemons

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.15.160.1-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-42153.json"