AZL-47198

See a problem?
Import Source
https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-47198.json
JSON Data
https://api.test.osv.dev/v1/vulns/AZL-47198
Upstream
Published
2024-07-29T16:15:07Z
Modified
2026-04-01T05:16:59.407157Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
CVE-2024-42078 affecting package kernel for versions less than 6.6.43.1-7
Details

In the Linux kernel, the following vulnerability has been resolved:

nfsd: initialise nfsd_info.mutex early.

nfsdinfo.mutex can be dereferenced by svcpoolstatsstart() immediately after the new netns is created. Currently this can trigger an oops.

Move the initialisation earlier before it can possibly be dereferenced.

References

Affected packages

Azure Linux:3 / kernel

Package

Name
kernel
Purl
pkg:rpm/azure-linux/kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.6.43.1-7

Database specific

source 
"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-47198.json"