AZL-50945

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-50945.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-50945

Upstream

CVE-2024-47737

Published

2024-10-21T13:15:03Z

Modified

2026-04-01T05:17:38.340768Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

CVE-2024-47737 affecting package kernel for versions less than 6.6.56.1-5

Details

In the Linux kernel, the following vulnerability has been resolved:

nfsd: call cacheput if xdrreserve_space returns NULL

If not enough buffer space available, but idmaplookup has triggered lookupfn which calls cacheget and returns successfully. Then we missed to call cacheput here which pairs with cache_get.

Reviwed-by: Jeff Layton jlayton@kernel.org

References

https://nvd.nist.gov/vuln/detail/CVE-2024-47737

Affected packages

Azure Linux:3 / kernel

Package

Name: kernel
Purl: pkg:rpm/azure-linux/kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.6.56.1-5

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-50945.json"