AZL-42204

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-42204.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-42204

Upstream

CVE-2024-35972

Published

2024-05-20T10:15:12Z

Modified

2026-04-01T05:14:30.715652Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

CVE-2024-35972 affecting package kernel for versions less than 5.15.158.1-1

Details

In the Linux kernel, the following vulnerability has been resolved:

bnxten: Fix possible memory leak in bnxtrdmaauxdevice_init()

If ulp = kzalloc() fails, the allocated edev will leak because it is not properly assigned and the cleanup path will not be able to free it. Fix it by assigning it properly immediately after allocation.

References

https://nvd.nist.gov/vuln/detail/CVE-2024-35972

Affected packages

Azure Linux:2 / kernel

Package

Name: kernel
Purl: pkg:rpm/azure-linux/kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.15.158.1-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-42204.json"