AZL-55838

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-55838.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-55838

Upstream

CVE-2024-36476

Published

2025-01-15T13:15:09Z

Modified

2026-04-01T05:18:45.245279Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

CVE-2024-36476 affecting package kernel for versions less than 6.6.76.1-1

Details

In the Linux kernel, the following vulnerability has been resolved:

RDMA/rtrs: Ensure 'ib_sge list' is accessible

Move the declaration of the 'ibsge list' variable outside the 'alwaysinvalidate' block to ensure it remains accessible for use throughout the function.

Previously, 'ibsge list' was declared within the 'alwaysinvalidate' block, limiting its accessibility, then caused a 'BUG: kernel NULL pointer dereference'[1]. ? __diebody.cold+0x19/0x27 ? pagefault_oops+0x15a/0x2d0 ? searchmoduleextables+0x19/0x60 ? searchbpfextables+0x5f/0x80 ? excpagefault+0x7e/0x180 ? asmexcpagefault+0x26/0x30 ? memcpyorig+0xd5/0x140 rxemrcopy+0x1c3/0x200 [rdmarxe] ? rxepoolgetindex+0x4b/0x80 [rdmarxe] copydata+0xa5/0x230 [rdmarxe] rxerequester+0xd9b/0xf70 [rdmarxe] ? finishtaskswitch.isra.0+0x99/0x2e0 rxesender+0x13/0x40 [rdmarxe] dotask+0x68/0x1e0 [rdmarxe] processonework+0x177/0x330 workerthread+0x252/0x390 ? __pfxworkerthread+0x10/0x10

This change ensures the variable is available for subsequent operations that require it.

[1] https://lore.kernel.org/linux-rdma/6a1f3e8f-deb0-49f9-bc69-a9b03ecfcda7@fujitsu.com/

References

https://nvd.nist.gov/vuln/detail/CVE-2024-36476

Affected packages

Azure Linux:3 / kernel

Package

Name: kernel
Purl: pkg:rpm/azure-linux/kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.6.76.1-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-55838.json"