AZL-49675

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-49675.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-49675

Upstream

CVE-2024-46784

Published

2024-09-18T08:15:05Z

Modified

2026-04-01T05:16:13.912713Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

CVE-2024-46784 affecting package kernel for versions less than 5.15.182.1-1

Details

In the Linux kernel, the following vulnerability has been resolved:

net: mana: Fix error handling in manacreatetxq/rxq's NAPI cleanup

Currently napi_disable() gets called during rxq and txq cleanup, even before napi is enabled and hrtimer is initialized. It causes kernel panic.

? pagefaultoops+0x136/0x2b0 ? pagecountercancel+0x2e/0x80 ? douseraddrfault+0x2f2/0x640 ? refillobjstock+0xc4/0x110 ? excpagefault+0x71/0x160 ? asmexcpagefault+0x27/0x30 ? __mmdrop+0x10/0x180 ? _mmdrop+0xec/0x180 ? hrtimeractive+0xd/0x50 hrtimertrytocancel+0x2c/0xf0 hrtimercancel+0x15/0x30 napidisable+0x65/0x90 manadestroyrxq+0x4c/0x2f0 manacreaterxq.isra.0+0x56c/0x6d0 ? manauncfgvport+0x50/0x50 manaallocqueues+0x21b/0x320 ? skbdequeue+0x5f/0x80

References

https://nvd.nist.gov/vuln/detail/CVE-2024-46784

Affected packages

Azure Linux:2 / kernel

Package

Name: kernel
Purl: pkg:rpm/azure-linux/kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.15.182.1-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-49675.json"