AZL-47160

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-47160.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-47160

Upstream

CVE-2024-42080

Published

2024-07-29T16:15:07Z

Modified

2026-04-01T05:16:58.672933Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

CVE-2024-42080 affecting package kernel for versions less than 6.6.43.1-7

Details

In the Linux kernel, the following vulnerability has been resolved:

RDMA/restrack: Fix potential invalid address access

struct rdmarestrackentry's kernname was set to KBUILDMODNAME in ibcreatecq(), while if the module exited but forgot del this rdmarestrackentry, it would cause a invalid address access in rdmarestrackclean() when print the owner of this rdmarestrackentry.

These code is used to help find one forgotten PD release in one of the ULPs. But it is not needed anymore, so delete them.

References

https://nvd.nist.gov/vuln/detail/CVE-2024-42080

Affected packages

Azure Linux:3 / kernel

Package

Name: kernel
Purl: pkg:rpm/azure-linux/kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.6.43.1-7

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-47160.json"