{"id":"AZL-51486","summary":"CVE-2024-49981 affecting package kernel for versions less than 5.15.173.1-1","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: venus: fix use after free bug in venus_remove due to race condition\n\nin venus_probe, core-\u003ework is bound with venus_sys_error_handler, which is\nused to handle error. The code use core-\u003esys_err_done to make sync work.\nThe core-\u003ework is started in venus_event_notify.\n\nIf we call venus_remove, there might be an unfished work. The possible\nsequence is as follows:\n\nCPU0                  CPU1\n\n                     |venus_sys_error_handler\nvenus_remove         |\nhfi_destroy\t \t\t |\nvenus_hfi_destroy\t |\nkfree(hdev);\t     |\n                     |hfi_reinit\n\t\t\t\t\t |venus_hfi_queues_reinit\n                     |//use hdev\n\nFix it by canceling the work in venus_remove.","modified":"2026-04-01T05:20:45.335281Z","published":"2024-10-21T18:15:18Z","upstream":["CVE-2024-49981"],"references":[{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-49981"}],"affected":[{"package":{"name":"kernel","ecosystem":"Azure Linux:2","purl":"pkg:rpm/azure-linux/kernel"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.15.173.1-1"}]}],"database_specific":{"source":"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-51486.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}