CVE-2024-49936

Source
https://cve.org/CVERecord?id=CVE-2024-49936
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-49936.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-49936
Published
2024-10-21T18:01:57.066Z
Modified
2026-03-20T12:38:10.106003Z
Summary
net/xen-netback: prevent UAF in xenvif_flush_hash()
Details

In the Linux kernel, the following vulnerability has been resolved:

net/xen-netback: prevent UAF in xenvif_flush_hash()

During the list_for_each_entry_rcu iteration call of xenvif_flush_hash, kfree_rcu does not exist inside the rcu read critical section, so if kfree_rcu is called when the rcu grace period ends during the iteration, UAF occurs when accessing head->next after the entry becomes free.

Therefore, to solve this, you need to change it to list_for_each_entry_safe.
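The iteration pattern described above, modelled in userspace as an added example (not the kernel's code or the upstream patch). The `entry` type and the helpers `del_and_free`, `flush_unsafe`, `flush_safe` and `run_flush` are hypothetical names, and "freeing" only marks the entry so the stale access can be detected instead of causing undefined behaviour.

```c
#include <stdio.h>

/* Constructed userspace model, not kernel code: "freeing" only marks the entry. */
struct entry { struct entry *next, *prev; int freed; };

static void list_add_tail(struct entry *e, struct entry *h) {
    e->freed = 0; e->prev = h->prev; e->next = h;
    h->prev->next = e; h->prev = e;
}

/* Models list_del_rcu() + kfree_rcu() when the grace period ends before the
 * loop advances: the entry is unlinked and its memory is no longer valid. */
static void del_and_free(struct entry *e) {
    e->prev->next = e->next; e->next->prev = e->prev;
    e->next = e->prev = NULL; e->freed = 1;
}

/* Pre-fix shape: the loop step needs pos->next after pos was freed.
 * Returns 1 if the step would read a freed entry, 0 if the list was empty. */
static int flush_unsafe(struct entry *head) {
    for (struct entry *pos = head->next; pos != head; pos = pos->next) {
        del_and_free(pos);
        if (pos->freed) return 1;      /* in the kernel: UAF on pos->next */
    }
    return 0;
}

/* Fixed shape: cache next before freeing; returns the number of entries flushed. */
static int flush_safe(struct entry *head) {
    int n = 0;
    for (struct entry *pos = head->next, *nxt; pos != head; pos = nxt, n++) {
        nxt = pos->next;               /* read while pos is still valid */
        del_and_free(pos);
    }
    return n;
}

/* Build a constructed 3-entry list and run one variant; -1 if list not emptied. */
int run_flush(int safe) {
    struct entry head = { &head, &head, 0 }, pool[3];
    for (int i = 0; i < 3; i++) list_add_tail(&pool[i], &head);
    int r = safe ? flush_safe(&head) : flush_unsafe(&head);
    return (safe && head.next != &head) ? -1 : r;
}

int main(void) {
    return printf("unsafe stale read: %d, safe flushed: %d\n", run_flush(0), run_flush(1)) < 0;
}
```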

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/49xxx/CVE-2024-49936.json",
    "cna_assigner": "Linux"
}

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
40d8abdee806d496a60ee607a6d01b1cd7fabaf0
Fixed
3c4423b0c4b98213b3438e15061e1d08220e6982
Fixed
a7f0073fcd12ed7de185ef2c0af9d0fa1ddef22c
Fixed
a0465723b8581cad27164c9073fd780904cd22d4
Fixed
efcff6ce7467f01f0753609f420333f3f2ceceda
Fixed
143edf098b80669d05245b2f2367dd156a83a2c5
Fixed
d408889d4b54f5501e4becc4dbbb9065143fbf4e
Fixed
54d8639af5568fc41c0e274fc3ec9cf86c59fcbb
Fixed
0fa5e94a1811d68fbffa0725efe6d4ca62c03d12

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-49936.json"