Import Source
https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-50892.json
JSON Data
https://api.test.osv.dev/v1/vulns/AZL-50892
Upstream
Published
2024-10-21T13:15:04Z
Modified
2026-04-01T05:17:37.719271Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
CVE-2024-47748 affecting package kernel for versions less than 6.6.56.1-5
Details

In the Linux kernel, the following vulnerability has been resolved:

vhost_vdpa: assign irq bypass producer token correctly

We used to call irq_bypass_unregister_producer() in vhost_vdpa_setup_vq_irq() which is problematic as we don't know if the token pointer is still valid or not.

Actually, we use the eventfd_ctx as the token so the life cycle of the token should be bound to the VHOST_SET_VRING_CALL instead of vhost_vdpa_setup_vq_irq() which could be called by set_status().

Fixing this by setting up irq bypass producer's token when handling VHOST_SET_VRING_CALL and un-registering the producer before calling vhost_vring_ioctl() to prevent a possible use after free as eventfd could have been released in vhost_vring_ioctl(). And such registering and unregistering will only be done if DRIVER_OK is set.

References

Affected packages

Azure Linux:3 / kernel

Package

Name
kernel
Purl
pkg:rpm/azure-linux/kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
6.6.56.1-5

Database specific

source
"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-50892.json"