AZL-54956

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-54956.json

JSON Data

https://api.osv.dev/v1/vulns/AZL-54956

Upstream

CVE-2023-52664

Published

2024-05-17T14:15:08Z

Modified

2026-04-21T04:35:45.600231Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

CVE-2023-52664 affecting package kernel 5.15.200.1-1

Details

In the Linux kernel, the following vulnerability has been resolved:

net: atlantic: eliminate double free in error handling logic

Driver has a logic leak in ring data allocation/free, where aqringfree could be called multiple times on same ring, if system is under stress and got memory allocation error.

Ring pointer was used as an indicator of failure, but this is not correct since only ring data is allocated/deallocated. Ring itself is an array member.

Changing ring allocation functions to return error code directly. This simplifies error handling and eliminates aqringfree on higher layer.

References

https://nvd.nist.gov/vuln/detail/CVE-2023-52664

Affected packages

Azure Linux:2 / kernel

Package

Name: kernel
Purl: pkg:rpm/azure-linux/kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

5.15.200.1-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-54956.json"