AZL-51456

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-51456.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-51456

Upstream

CVE-2024-49936

Published

2024-10-21T18:15:15Z

Modified

2026-04-01T05:20:45.802143Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

CVE-2024-49936 affecting package kernel for versions less than 5.15.173.1-1

Details

In the Linux kernel, the following vulnerability has been resolved:

net/xen-netback: prevent UAF in xenvifflushhash()

During the listforeachentryrcu iteration call of xenvifflushhash, kfreercu does not exist inside the rcu read critical section, so if kfreercu is called when the rcu grace period ends during the iteration, UAF occurs when accessing head->next after the entry becomes free.

Therefore, to solve this, you need to change it to listforeachentrysafe.

References

https://nvd.nist.gov/vuln/detail/CVE-2024-49936

Affected packages

Azure Linux:2 / kernel

Package

Name: kernel
Purl: pkg:rpm/azure-linux/kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.15.173.1-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-51456.json"