AZL-51063

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-51063.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-51063

Upstream

CVE-2024-50059

Published

2024-10-21T20:15:18Z

Modified

2026-04-01T05:17:39.276261Z

Severity

7.0 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

CVE-2024-50059 affecting package kernel for versions less than 5.15.173.1-1

Details

In the Linux kernel, the following vulnerability has been resolved:

ntb: ntbhwswitchtec: Fix use after free vulnerability in switchtecntbremove due to race condition

In the switchtecntbadd function, it can call switchtecntbinitsndev function, then &sndev->checklinkstatuswork is bound with checklinkstatuswork. switchtecntblinknotification may be called to start the work.

If we remove the module which will call switchtecntbremove to make cleanup, it will free sndev through kfree(sndev), while the work mentioned above will be used. The sequence of operations that may lead to a UAF bug is as follows:

CPU0 CPU1

                    | check_link_status_work

switchtecntbremove | kfree(sndev); | | if (sndev->linkforcedown) | // use sndev

Fix it by ensuring that the work is canceled before proceeding with the cleanup in switchtecntbremove.

References

https://nvd.nist.gov/vuln/detail/CVE-2024-50059

Affected packages

Azure Linux:2 / kernel

Package

Name: kernel
Purl: pkg:rpm/azure-linux/kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.15.173.1-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-51063.json"