static_call: Handle module init failure correctly in static_call_del_module()

...

AZL-51974 CVE-2024-50002 affecting package kernel for versions less than 5.15.173.1-1

In the Linux kernel, the following vulnerability has been resolved: staticcall: Handle module init failure correctly in staticcalldelmodule Module insertion invokes staticcalladdmodule to initialize the static calls in a module. staticcalladdmodule invokes staticcallinit, which allocates a struct...

CVE-2024-50002

In the Linux kernel, the following vulnerability has been resolved: staticcall: Handle module init failure correctly in staticcalldelmodule Module insertion invokes staticcalladdmodule to initialize the static calls in a module. staticcalladdmodule invokes staticcallinit, which allocates a struct...

UBUNTU-CVE-2024-50002

In the Linux kernel, the following vulnerability has been resolved: staticcall: Handle module init failure correctly in staticcalldelmodule Module insertion invokes staticcalladdmodule to initialize the static calls in a module. staticcalladdmodule invokes staticcallinit, which allocates a struct...

CVE-2024-50002

CVE-2024-50002 affects the Linux kernel’s static_call subsystem. The root cause is a union in struct static_call_key where key::mods and key::sites share a pointer and are distinguished by a bit, but static_call_del_module() assumed a valid static_call_mod pointer and dereferenced it when an allo...