AZL-51756

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-51756.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-51756

Upstream

CVE-2024-49991

Published

2024-10-21T18:15:19Z

Modified

2026-04-01T05:20:46.103022Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

CVE-2024-49991 affecting package kernel 5.15.200.1-1

Details

In the Linux kernel, the following vulnerability has been resolved:

drm/amdkfd: amdkfdfreegtt_mem clear the correct pointer

Pass pointer reference to amdgpubounref to clear the correct pointer, otherwise amdgpubounref clear the local variable, the original pointer not set to NULL, this could cause use-after-free bug.

References

https://nvd.nist.gov/vuln/detail/CVE-2024-49991

Affected packages

Azure Linux:2 / kernel

Package

Name: kernel
Purl: pkg:rpm/azure-linux/kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

5.15.200.1-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-51756.json"