VYPR
High severity7.8NVD Advisory· Published Oct 21, 2024· Updated Jun 17, 2026

CVE-2024-49936

CVE-2024-49936

Description

In the Linux kernel, the following vulnerability has been resolved:

net/xen-netback: prevent UAF in xenvif_flush_hash()

During the list_for_each_entry_rcu iteration call of xenvif_flush_hash, kfree_rcu does not exist inside the rcu read critical section, so if kfree_rcu is called when the rcu grace period ends during the iteration, UAF occurs when accessing head->next after the entry becomes free.

Therefore, to solve this, you need to change it to list_for_each_entry_safe.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

229

Patches

Vulnerability mechanics

References

10

News mentions

0

No linked articles in our index yet.