{"id":"AZL-35906","summary":"CVE-2024-26587 affecting package kernel for versions less than 5.15.158.1-1","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: netdevsim: don't try to destroy PHC on VFs\n\nPHC gets initialized in nsim_init_netdevsim(), which\nis only called if (nsim_dev_port_is_pf()).\n\nCreate a counterpart of nsim_init_netdevsim() and\nmove the mock_phc_destroy() there.\n\nThis fixes a crash trying to destroy netdevsim with\nVFs instantiated, as caught by running the devlink.sh test:\n\n    BUG: kernel NULL pointer dereference, address: 00000000000000b8\n    RIP: 0010:mock_phc_destroy+0xd/0x30\n    Call Trace:\n     \u003cTASK\u003e\n     nsim_destroy+0x4a/0x70 [netdevsim]\n     __nsim_dev_port_del+0x47/0x70 [netdevsim]\n     nsim_dev_reload_destroy+0x105/0x120 [netdevsim]\n     nsim_drv_remove+0x2f/0xb0 [netdevsim]\n     device_release_driver_internal+0x1a1/0x210\n     bus_remove_device+0xd5/0x120\n     device_del+0x159/0x490\n     device_unregister+0x12/0x30\n     del_device_store+0x11a/0x1a0 [netdevsim]\n     kernfs_fop_write_iter+0x130/0x1d0\n     vfs_write+0x30b/0x4b0\n     ksys_write+0x69/0xf0\n     do_syscall_64+0xcc/0x1e0\n     entry_SYSCALL_64_after_hwframe+0x6f/0x77","modified":"2026-04-21T04:25:15.468541Z","published":"2024-02-22T17:15:08Z","upstream":["CVE-2024-26587"],"references":[{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-26587"}],"affected":[{"package":{"name":"kernel","ecosystem":"Azure Linux:2","purl":"pkg:rpm/azure-linux/kernel"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.15.158.1-1"}]}],"database_specific":{"source":"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-35906.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}