{"id":"AZL-68346","summary":"CVE-2024-46717 affecting package kernel 5.15.200.1-1","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: SHAMPO, Fix incorrect page release\n\nUnder the following conditions:\n1) No skb created yet\n2) header_size == 0 (no SHAMPO header)\n3) header_index + 1 % MLX5E_SHAMPO_WQ_HEADER_PER_PAGE == 0 (this is the\n   last page fragment of a SHAMPO header page)\n\na new skb is formed with a page that is NOT a SHAMPO header page (it\nis a regular data page). Further down in the same function\n(mlx5e_handle_rx_cqe_mpwrq_shampo()), a SHAMPO header page from\nheader_index is released. This is wrong and it leads to SHAMPO header\npages being released more than once.","modified":"2026-04-01T05:21:24.681239Z","published":"2024-09-18T07:15:03Z","upstream":["CVE-2024-46717"],"references":[{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-46717"}],"affected":[{"package":{"name":"kernel","ecosystem":"Azure Linux:2","purl":"pkg:rpm/azure-linux/kernel"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"last_affected":"5.15.200.1-1"}]}],"database_specific":{"source":"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-68346.json"}}],"schema_version":"1.7.5"}