AZL-47543

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-47543.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-47543

Upstream

CVE-2024-42235

Published

2024-08-07T16:15:46Z

Modified

2026-04-01T05:17:03.428700Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

CVE-2024-42235 affecting package kernel for versions less than 6.6.43.1-7

Details

In the Linux kernel, the following vulnerability has been resolved:

s390/mm: Add NULL pointer check to crsttablefree() basecrstfree()

crsttablefree() used to work with NULL pointers before the conversion to ptdescs. Since crsttablefree() can be called with a NULL pointer (error handling in crsttableupgrade() add an explicit check.

Also add the same check to basecrstfree() for consistency reasons.

In real life this should not happen, since order two GFPKERNEL allocations will not fail, unless FAILPAGE_ALLOC is enabled and used.

References

https://nvd.nist.gov/vuln/detail/CVE-2024-42235

Affected packages

Azure Linux:3 / kernel

Package

Name: kernel
Purl: pkg:rpm/azure-linux/kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.6.43.1-7

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-47543.json"