AZL-42156

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-42156.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-42156

Upstream

CVE-2024-27418

Published

2024-05-17T12:15:13Z

Modified

2026-04-01T05:14:29.713274Z

Summary

CVE-2024-27418 affecting package hyperv-daemons for versions less than 5.15.158.2-1

Details

In the Linux kernel, the following vulnerability has been resolved:

net: mctp: take ownership of skb in mctplocaloutput

Currently, mctplocaloutput only takes ownership of skb on success, and we may leak an skb if mctplocaloutput fails in specific states; the skb ownership isn't transferred until the actual output routing occurs.

Instead, make mctplocaloutput free the skb on all error paths up to the route action, so it always consumes the passed skb.

References

https://nvd.nist.gov/vuln/detail/CVE-2024-27418

Affected packages

Azure Linux:2 / hyperv-daemons

Package

Name: hyperv-daemons
Purl: pkg:rpm/azure-linux/hyperv-daemons

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.15.158.2-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-42156.json"