Azure Linux 3.0 Security Update: kernel (CVE-2024-40951)

🗓️ 22 Jan 2026 00:00:00Reported by TenableType

Azure Linux 3.0 kernel fixes OCFS2 NULL pointer dereference in ocfs2_abort_trigger(CVE-2024-40951).

Reporter	Title	Published	Views	Family All 59
BDU FSTEC	The vulnerability of the ocfs2_aborttrigger() function in the fs/ocfs2/journal.c module of the ocfs2 component in the Linux operating system allows a attacker to trigger a service failure.	5 Feb 202500:00	–	bdu_fstec
CBLMariner	CVE-2024-40951 affecting package kernel for versions less than 6.6.43.1-7	14 Aug 202420:43	–	cbl_mariner
CNNVD	Linux kernel code issue vulnerability	12 Jul 202400:00	–	cnnvd
CVE	CVE-2024-40951	12 Jul 202412:31	–	cve
Cvelist	CVE-2024-40951 ocfs2: fix NULL pointer dereference in ocfs2_abort_trigger()	12 Jul 202412:31	–	cvelist
Debian CVE	CVE-2024-40951	12 Jul 202412:31	–	debiancve
Microsoft CVE	ocfs2: fix NULL pointer dereference in ocfs2_abort_trigger()	16 Aug 202407:00	–	mscve
Tenable Nessus	NewStart CGSL MAIN 7.02 : kernel Multiple Vulnerabilities (NS-SA-2025-0118)	25 Jul 202500:00	–	nessus
Tenable Nessus	Ubuntu 24.04 LTS : Linux kernel vulnerabilities (USN-6999-1)	11 Sep 202400:00	–	nessus
Tenable Nessus	Ubuntu 24.04 LTS : Linux kernel vulnerabilities (USN-6999-2)	23 Sep 202400:00	–	nessus

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2024-40951
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(295118);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/01/22");

  script_cve_id("CVE-2024-40951");

  script_name(english:"Azure Linux 3.0 Security Update: kernel (CVE-2024-40951)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Azure Linux host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore,
affected by a vulnerability as referenced in the CVE-2024-40951 advisory.

  - In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix NULL pointer dereference in
    ocfs2_abort_trigger() bdev->bd_super has been removed and commit 8887b94d9322 change the usage from
    bdev->bd_super to b_assoc_map->host->i_sb. Since ocfs2 hasn't set bh->b_assoc_map, it will trigger NULL
    pointer dereference when calling into ocfs2_abort_trigger(). Actually this was pointed out in history, see
    commit 74e364ad1b13. But I've made a mistake when reviewing commit 8887b94d9322 and then re-introduce this
    regression. Since we cannot revive bdev in buffer head, so fix this issue by initializing all types of
    ocfs2 triggers when fill super, and then get the specific ocfs2 trigger from ocfs2_caching_info when
    access journal. [[email protected]: v2] (CVE-2024-40951)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://nvd.nist.gov/vuln/detail/CVE-2024-40951");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:S/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2024-40951");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2024/07/12");
  script_set_attribute(attribute:"patch_publication_date", value:"2024/08/13");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/01/22");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:microsoft:azure_linux:kernel-cross-headers");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:microsoft:azure_linux:kernel-headers");
  script_set_attribute(attribute:"cpe", value:"x-cpe:/o:microsoft:azure_linux");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Azure Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info2.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/AzureLinux/release", "Host/AzureLinux/rpm-list", "Host/cpu");

  exit(0);
}
include('rpm.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var release = get_kb_item('Host/AzureLinux/release');
if (isnull(release) || 'Azure Linux' >!< release) audit(AUDIT_OS_NOT, 'Azure Linux');
var os_ver = pregmatch(pattern: "Azure Linux ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Azure Linux');
os_ver = os_ver[1];
if (! preg(pattern:"^3([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Azure Linux 3.0', 'Azure Linux ' + os_ver);

if (!get_kb_item('Host/AzureLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 'aarch64' >!< cpu)
  audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Azure Linux', cpu);

var pkgs = [
    {'reference':'kernel-cross-headers-6.6.35.1-5.azl3', 'release':'3.0', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'kernel-headers-6.6.35.1-5.azl3', 'release':'3.0', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'kernel-headers-6.6.35.1-5.azl3', 'release':'3.0', 'rpm_spec_vers_cmp':TRUE}
];

var flag = 0;
foreach var package_array ( pkgs ) {
  var reference = NULL;
  var _release = NULL;
  var sp = NULL;
  var _cpu = NULL;
  var el_string = NULL;
  var rpm_spec_vers_cmp = NULL;
  var epoch = NULL;
  var allowmaj = NULL;
  var exists_check = NULL;
  var cves = NULL;
  if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
  if (!empty_or_null(package_array['release'])) _release = 'Azure Linux ' + package_array['release'];
  if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
  if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
  if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
  if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
  if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
  if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
  if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
  if (!empty_or_null(package_array['cves'])) cves = package_array['cves'];
  if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {
    if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
  }
}

if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-cross-headers / kernel-headers');
}

22 Jan 2026 00:00Current

6.9Medium risk

Vulners AI Score6.9

CVSS 3.15.5

EPSS0.00018

SSVC