AZL-49566

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-49566.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-49566

Upstream

CVE-2024-46762

Published

2024-09-18T08:15:04Z

Modified

2026-04-01T05:17:24.396856Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

CVE-2024-46762 affecting package kernel 5.15.200.1-1

Details

In the Linux kernel, the following vulnerability has been resolved:

xen: privcmd: Fix possible access to a freed kirqfd instance

Nothing prevents simultaneous ioctl calls to privcmdirqfdassign() and privcmdirqfddeassign(). If that happens, it is possible that a kirqfd created and added to the irqfdslist by privcmdirqfdassign() may get removed by another thread executing privcmdirqfd_deassign(), while the former is still using it after dropping the locks.

This can lead to a situation where an already freed kirqfd instance may be accessed and cause kernel oops.

Use SRCU locking to prevent the same, as is done for the KVM implementation for irqfds.

References

https://nvd.nist.gov/vuln/detail/CVE-2024-46762

Affected packages

Azure Linux:2 / kernel

Package

Name: kernel
Purl: pkg:rpm/azure-linux/kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

5.15.200.1-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-49566.json"