AZL-51942

See a problem?
Import Source
https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-51942.json
JSON Data
https://api.test.osv.dev/v1/vulns/AZL-51942
Upstream
Published
2024-10-29T01:15:05Z
Modified
2026-04-01T05:16:27.890822Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
CVE-2024-50080 affecting package kernel for versions less than 6.6.64.2-1
Details

In the Linux kernel, the following vulnerability has been resolved:

ublk: don't allow user copy for unprivileged device

UBLKFUSER_COPY requires userspace to call write() on ublk char device for filling request buffer, and unprivileged device can't be trusted.

So don't allow user copy for unprivileged device.

References

Affected packages

Azure Linux:3 / kernel

Package

Name
kernel
Purl
pkg:rpm/azure-linux/kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.6.64.2-1

Database specific

source 
"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-51942.json"