AZL-68550

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-68550.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-68550

Upstream

CVE-2024-56709

Published

2024-12-29T09:15:05Z

Modified

2026-04-01T05:21:27.219425Z

Summary

CVE-2024-56709 affecting package kernel 5.15.200.1-1

Details

In the Linux kernel, the following vulnerability has been resolved:

io_uring: check if iowq is killed before queuing

task work can be executed after the task has gone through iouring termination, whether it's the final taskwork run or the fallback path. In this case, task work will find ->iowq being already killed and null'ed, which is a problem if it then tries to forward the request to ioqueueiowq(). Make ioqueue_iowq() fail requests in this case.

Note that it also checks PFKTHREAD, because the user can first close a DEFERTASKRUN ring and shortly after kill the task, in which case ->iowq check would race.

References

https://nvd.nist.gov/vuln/detail/CVE-2024-56709

Affected packages

Azure Linux:2 / kernel

Package

Name: kernel
Purl: pkg:rpm/azure-linux/kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

5.15.200.1-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-68550.json"