AZL-51416

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-51416.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-51416

Upstream

CVE-2024-50028

Published

2024-10-21T20:15:16Z

Modified

2026-04-01T05:17:43.920471Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

CVE-2024-50028 affecting package kernel 6.6.126.1-1

Details

In the Linux kernel, the following vulnerability has been resolved:

thermal: core: Reference count the zone in thermalzonegetbyid()

There are places in the thermal netlink code where nothing prevents the thermal zone object from going away while being accessed after it has been returned by thermalzonegetbyid().

To address this, make thermalzonegetbyid() get a reference on the thermal zone device object to be returned with the help of getdevice(), under thermallist_lock, and adjust all of its callers to this change with the help of the cleanup.h infrastructure.

References

https://nvd.nist.gov/vuln/detail/CVE-2024-50028

Affected packages

Azure Linux:3 / kernel

Package

Name: kernel
Purl: pkg:rpm/azure-linux/kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

6.6.126.1-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-51416.json"