CVE-2024-49936

Updated: 2024-11-04 15:58:28.413041

Description:

In the Linux kernel, the following vulnerability has been resolved: net/xen-netback: prevent UAF in xenvif_flush_hash() During the list_for_each_entry_rcu iteration call of xenvif_flush_hash, kfree_rcu does not exist inside the rcu read critical section, so if kfree_rcu is called when the rcu grace period ends during the iteration, UAF occurs when accessing head->next after the entry becomes free. Therefore, to solve this, you need to change it to list_for_each_entry_safe.


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x 0
CVSS Version 3.x HIGH 7.8

Status

OS name Project name Version Score Severity Status Errata Last updated

Statement

AlmaLinux 9.2 ESU kernel 5.14.0 7.8 HIGH Needs Triage 2024-11-04 13:27:11
AlmaLinux 9.2 FIPS kernel 5.14.0 7.8 HIGH Not Vulnerable 2024-12-06 03:33:32
CentOS 6 ELS kernel 2.6.32 7.8 HIGH Not Vulnerable 2024-11-06 11:57:02
CentOS 7 ELS kernel 3.10.0 7.8 HIGH Not Vulnerable 2024-11-06 11:56:57
CentOS 8.4 ELS kernel 4.18.0 7.8 HIGH Not Vulnerable 2024-11-11 11:52:56
CentOS 8.5 ELS kernel 4.18.0 7.8 HIGH Not Vulnerable 2024-11-11 13:29:06
CentOS Stream 8 ELS kernel 4.18.0 7.8 HIGH Not Vulnerable 2024-11-07 02:47:24
CloudLinux 6 ELS kernel 2.6.32 7.8 HIGH Not Vulnerable 2024-11-06 11:57:02
CloudLinux 7 ELS kernel 3.10.0 7.8 HIGH Not Vulnerable 2024-11-06 11:56:56
Oracle Linux 6 ELS kernel 2.6.32 7.8 HIGH Not Vulnerable 2024-11-06 11:56:57
Total: 14