CVE-2024-49936
Published: Oct 21, 2024
Modified: May 11, 2026
Description
In the Linux kernel, the following vulnerability has been resolved:

net/xen-netback: prevent UAF in xenvif_flush_hash()

During the list_for_each_entry_rcu iteration call of xenvif_flush_hash, kfree_rcu does not exist inside the rcu read critical section, so if kfree_rcu is called when the rcu grace period ends during the iteration, UAF occurs when accessing head->next after the entry becomes free. Therefore, to solve this, you need to change it to list_for_each_entry_safe.
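The iteration difference the description refers to, as an added userspace example (not the kernel's code and not part of the CVE record). `struct node`, `release()`, `next_of()` and `flush()` are hypothetical names; nodes live in a static array so a stale `->next` read can be counted without real undefined behaviour, and the deferred free is assumed to complete immediately.

```c
/* Userspace model: static nodes, no RCU. release() stands in for the unlink
 * plus a kfree_rcu() whose grace period ends at once (assumption). */
#include <stdbool.h>
#include <stdio.h>

#define N 4
struct node { struct node *next, *prev; bool freed; };
static struct node head, pool[N];
static int stale_reads;            /* ->next reads from a released node */

static void build(void)            /* fresh list: head <-> pool[0..N-1] */
{
    head.next = head.prev = &head;
    stale_reads = 0;
    for (int i = 0; i < N; i++) {
        pool[i] = (struct node){ .next = &head, .prev = head.prev };
        head.prev->next = &pool[i];
        head.prev = &pool[i];
    }
}

static void release(struct node *n)          /* unlink, then treat as freed */
{
    n->prev->next = n->next;
    n->next->prev = n->prev;
    n->freed = true;
}

static struct node *next_of(struct node *n)  /* instrumented n->next */
{
    if (n->freed) stale_reads++;
    return n->next;
}

int flush(bool cache_next)         /* returns the number of stale reads */
{
    build();
    struct node *n = next_of(&head);
    while (n != &head) {
        struct node *t = cache_next ? next_of(n) : NULL; /* _safe: read first */
        release(n);
        n = cache_next ? t : next_of(n);     /* pre-fix: read after release */
    }
    return stale_reads;
}

int main(void)
{
    return printf("pre-fix=%d fixed=%d\n", flush(false), flush(true)) < 0;
}
```

In the kernel the stale read lands in memory that may already have been returned to the allocator, which is the use-after-free; caching the successor before the entry is released removes that read.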
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux | affected 40d8abdee806d496a60ee607a6d01b1cd7fabaf0 - < 3c4423b0c4b98213b3438e15061e1d08220e6982; affected 40d8abdee806d496a60ee607a6d01b1cd7fabaf0 - < a7f0073fcd12ed7de185ef2c0af9d0fa1ddef22c; affected 40d8abdee806d496a60ee607a6d01b1cd7fabaf0 - < a0465723b8581cad27164c9073fd780904cd22d4; affected 40d8abdee806d496a60ee607a6d01b1cd7fabaf0 - < efcff6ce7467f01f0753609f420333f3f2ceceda; affected 40d8abdee806d496a60ee607a6d01b1cd7fabaf0 - < 143edf098b80669d05245b2f2367dd156a83a2c5; +3 more versions |
| Linux | Linux | affected 4.7; unaffected 0 - < 4.7; unaffected 5.4.290 - <= 5.4.\*; unaffected 5.10.227 - <= 5.10.\*; unaffected 5.15.168 - <= 5.15.\*; +5 more versions |
References