Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2024-AVI-0613
Vulnerability from certfr_avis - Published: 2024-07-19 - Updated: 2024-07-19
De multiples vulnérabilités ont été découvertes dans le noyau Linux de Debian. Elles permettent à un attaquant de provoquer une élévation de privilèges, une atteinte à la confidentialité des données et un déni de service.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Debian bullseye versions ant\u00e9rieures \u00e0 5.10.221-1",
"product": {
"name": "N/A",
"vendor": {
"name": "Debian",
"scada": false
}
}
},
{
"description": "Debian bookworm versions ant\u00e9rieures \u00e0 6.1.99-1",
"product": {
"name": "N/A",
"vendor": {
"name": "Debian",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-40931",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40931"
},
{
"name": "CVE-2024-38662",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38662"
},
{
"name": "CVE-2024-41001",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41001"
},
{
"name": "CVE-2024-38627",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38627"
},
{
"name": "CVE-2024-38599",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38599"
},
{
"name": "CVE-2024-37353",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37353"
},
{
"name": "CVE-2024-39298",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39298"
},
{
"name": "CVE-2024-38555",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38555"
},
{
"name": "CVE-2024-39503",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39503"
},
{
"name": "CVE-2024-40903",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40903"
},
{
"name": "CVE-2024-40988",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40988"
},
{
"name": "CVE-2024-41004",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41004"
},
{
"name": "CVE-2024-36973",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36973"
},
{
"name": "CVE-2024-40919",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40919"
},
{
"name": "CVE-2024-40935",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40935"
},
{
"name": "CVE-2024-26629",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26629"
},
{
"name": "CVE-2024-38583",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38583"
},
{
"name": "CVE-2023-52760",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52760"
},
{
"name": "CVE-2024-39474",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39474"
},
{
"name": "CVE-2024-41000",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41000"
},
{
"name": "CVE-2024-36974",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36974"
},
{
"name": "CVE-2024-39496",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39496"
},
{
"name": "CVE-2024-27397",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27397"
},
{
"name": "CVE-2024-40924",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40924"
},
{
"name": "CVE-2024-38548",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38548"
},
{
"name": "CVE-2022-48772",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48772"
},
{
"name": "CVE-2024-37356",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37356"
},
{
"name": "CVE-2024-38659",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38659"
},
{
"name": "CVE-2024-39469",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39469"
},
{
"name": "CVE-2024-39509",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39509"
},
{
"name": "CVE-2024-39484",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39484"
},
{
"name": "CVE-2024-40971",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40971"
},
{
"name": "CVE-2024-39505",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39505"
},
{
"name": "CVE-2024-38601",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38601"
},
{
"name": "CVE-2024-40932",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40932"
},
{
"name": "CVE-2024-38546",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38546"
},
{
"name": "CVE-2024-41006",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41006"
},
{
"name": "CVE-2024-38596",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38596"
},
{
"name": "CVE-2024-40904",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40904"
},
{
"name": "CVE-2024-40900",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40900"
},
{
"name": "CVE-2024-40920",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40920"
},
{
"name": "CVE-2024-38590",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38590"
},
{
"name": "CVE-2024-40960",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40960"
},
{
"name": "CVE-2024-39480",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39480"
},
{
"name": "CVE-2024-33847",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33847"
},
{
"name": "CVE-2024-39488",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39488"
},
{
"name": "CVE-2024-40959",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40959"
},
{
"name": "CVE-2024-40899",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40899"
},
{
"name": "CVE-2024-38560",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38560"
},
{
"name": "CVE-2024-25741",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25741"
},
{
"name": "CVE-2024-40937",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40937"
},
{
"name": "CVE-2024-40916",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40916"
},
{
"name": "CVE-2024-38578",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38578"
},
{
"name": "CVE-2024-38586",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38586"
},
{
"name": "CVE-2024-40976",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40976"
},
{
"name": "CVE-2024-39468",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39468"
},
{
"name": "CVE-2024-38582",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38582"
},
{
"name": "CVE-2024-40980",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40980"
},
{
"name": "CVE-2024-40974",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40974"
},
{
"name": "CVE-2024-38558",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38558"
},
{
"name": "CVE-2024-38613",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38613"
},
{
"name": "CVE-2024-40989",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40989"
},
{
"name": "CVE-2024-36286",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36286"
},
{
"name": "CVE-2024-34027",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34027"
},
{
"name": "CVE-2024-39502",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39502"
},
{
"name": "CVE-2024-40977",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40977"
},
{
"name": "CVE-2024-40983",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40983"
},
{
"name": "CVE-2024-38565",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38565"
},
{
"name": "CVE-2024-38612",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38612"
},
{
"name": "CVE-2024-39301",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39301"
},
{
"name": "CVE-2024-39467",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39467"
},
{
"name": "CVE-2024-40940",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40940"
},
{
"name": "CVE-2024-40963",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40963"
},
{
"name": "CVE-2024-36270",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36270"
},
{
"name": "CVE-2024-40947",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40947"
},
{
"name": "CVE-2024-41005",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41005"
},
{
"name": "CVE-2024-39507",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39507"
},
{
"name": "CVE-2024-33621",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33621"
},
{
"name": "CVE-2024-36978",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36978"
},
{
"name": "CVE-2024-40905",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40905"
},
{
"name": "CVE-2024-40906",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40906"
},
{
"name": "CVE-2024-39475",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39475"
},
{
"name": "CVE-2024-40902",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40902"
},
{
"name": "CVE-2024-40934",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40934"
},
{
"name": "CVE-2024-40970",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40970"
},
{
"name": "CVE-2024-40912",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40912"
},
{
"name": "CVE-2024-39487",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39487"
},
{
"name": "CVE-2024-39371",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39371"
},
{
"name": "CVE-2024-39489",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39489"
},
{
"name": "CVE-2024-38634",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38634"
},
{
"name": "CVE-2024-31076",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-31076"
},
{
"name": "CVE-2022-43945",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43945"
},
{
"name": "CVE-2024-38547",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38547"
},
{
"name": "CVE-2024-40938",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40938"
},
{
"name": "CVE-2024-36971",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36971"
},
{
"name": "CVE-2024-35247",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35247"
},
{
"name": "CVE-2024-40948",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40948"
},
{
"name": "CVE-2024-38633",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38633"
},
{
"name": "CVE-2024-40995",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40995"
},
{
"name": "CVE-2024-39500",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39500"
},
{
"name": "CVE-2024-40910",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40910"
},
{
"name": "CVE-2024-40929",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40929"
},
{
"name": "CVE-2024-39501",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39501"
},
{
"name": "CVE-2024-36014",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36014"
},
{
"name": "CVE-2024-36015",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36015"
},
{
"name": "CVE-2024-40943",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40943"
},
{
"name": "CVE-2024-36489",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36489"
},
{
"name": "CVE-2024-40901",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40901"
},
{
"name": "CVE-2024-39495",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39495"
},
{
"name": "CVE-2024-39471",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39471"
},
{
"name": "CVE-2024-39494",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39494"
},
{
"name": "CVE-2024-40954",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40954"
},
{
"name": "CVE-2024-40908",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40908"
},
{
"name": "CVE-2024-40913",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40913"
},
{
"name": "CVE-2024-38549",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38549"
},
{
"name": "CVE-2024-38619",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38619"
},
{
"name": "CVE-2024-40956",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40956"
},
{
"name": "CVE-2024-40966",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40966"
},
{
"name": "CVE-2024-38780",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38780"
},
{
"name": "CVE-2024-39476",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39476"
},
{
"name": "CVE-2024-40957",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40957"
},
{
"name": "CVE-2024-40939",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40939"
},
{
"name": "CVE-2024-40994",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40994"
},
{
"name": "CVE-2024-38567",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38567"
},
{
"name": "CVE-2024-27019",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27019"
},
{
"name": "CVE-2024-40987",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40987"
},
{
"name": "CVE-2024-40927",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40927"
},
{
"name": "CVE-2024-40945",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40945"
},
{
"name": "CVE-2024-40941",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40941"
},
{
"name": "CVE-2024-40967",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40967"
},
{
"name": "CVE-2024-38637",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38637"
},
{
"name": "CVE-2024-38635",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38635"
},
{
"name": "CVE-2024-40921",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40921"
},
{
"name": "CVE-2024-40984",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40984"
},
{
"name": "CVE-2024-36016",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36016"
},
{
"name": "CVE-2024-38618",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38618"
},
{
"name": "CVE-2024-39276",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39276"
},
{
"name": "CVE-2024-39506",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39506"
},
{
"name": "CVE-2024-40990",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40990"
},
{
"name": "CVE-2024-40978",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40978"
},
{
"name": "CVE-2024-40968",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40968"
},
{
"name": "CVE-2024-38589",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38589"
},
{
"name": "CVE-2024-38598",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38598"
},
{
"name": "CVE-2024-38381",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38381"
},
{
"name": "CVE-2024-37078",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37078"
},
{
"name": "CVE-2024-38661",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38661"
},
{
"name": "CVE-2024-39493",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39493"
},
{
"name": "CVE-2024-40996",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40996"
},
{
"name": "CVE-2024-40958",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40958"
},
{
"name": "CVE-2024-38559",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38559"
},
{
"name": "CVE-2024-40981",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40981"
},
{
"name": "CVE-2024-38621",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38621"
},
{
"name": "CVE-2024-40915",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40915"
},
{
"name": "CVE-2024-38597",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38597"
},
{
"name": "CVE-2024-40993",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40993"
},
{
"name": "CVE-2024-39482",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39482"
},
{
"name": "CVE-2024-36288",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36288"
},
{
"name": "CVE-2024-39499",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39499"
},
{
"name": "CVE-2024-38579",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38579"
},
{
"name": "CVE-2024-39292",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39292"
},
{
"name": "CVE-2024-38607",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38607"
},
{
"name": "CVE-2024-38587",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38587"
},
{
"name": "CVE-2024-41002",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41002"
},
{
"name": "CVE-2024-40911",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40911"
},
{
"name": "CVE-2024-36894",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36894"
},
{
"name": "CVE-2024-40942",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40942"
},
{
"name": "CVE-2024-38605",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38605"
},
{
"name": "CVE-2024-38552",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38552"
},
{
"name": "CVE-2024-39510",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39510"
},
{
"name": "CVE-2024-38615",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38615"
},
{
"name": "CVE-2024-40914",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40914"
},
{
"name": "CVE-2024-40953",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40953"
},
{
"name": "CVE-2024-40961",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40961"
}
],
"initial_release_date": "2024-07-19T00:00:00",
"last_revision_date": "2024-07-19T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0613",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-07-19T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de Debian. Elles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et un d\u00e9ni de service.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de Debian",
"vendor_advisories": [
{
"published_at": "2024-07-16",
"title": "Bulletin de s\u00e9curit\u00e9 Debian DSA-5731-1",
"url": "https://lists.debian.org/debian-security-announce/2024/msg00142.html"
},
{
"published_at": "2024-07-15",
"title": "Bulletin de s\u00e9curit\u00e9 Debian DSA-5730-1",
"url": "https://lists.debian.org/debian-security-announce/2024/msg00141.html"
}
]
}
CVE-2024-40940 (GCVE-0-2024-40940)
Vulnerability from cvelistv5 – Published: 2024-07-12 12:25 – Updated: 2026-05-11 20:22
VLAI
EPSS
Title
net/mlx5: Fix tainted pointer delete is case of flow rules creation fail
Summary
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5: Fix tainted pointer delete is case of flow rules creation fail
In case of flow rule creation fail in mlx5_lag_create_port_sel_table(),
instead of previously created rules, the tainted pointer is deleted
deveral times.
Fix this bug by using correct flow rules pointers.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
352899f384d4aefa77ede6310d08c1b515612a8f , < 531eab2da27dd42d68dfb841d82e987f4a6738b8
(git)
Affected: 352899f384d4aefa77ede6310d08c1b515612a8f , < d857df86837ac1c30592e8a068204d16feac9930 (git) Affected: 352899f384d4aefa77ede6310d08c1b515612a8f , < a03a3fa12769e25f4385bee587afe1445aee7f7a (git) Affected: 352899f384d4aefa77ede6310d08c1b515612a8f , < 229bedbf62b13af5aba6525ad10b62ad38d9ccb5 (git) |
|
| Linux | Linux |
Affected:
5.19
Unaffected: 0 , < 5.19 (semver) Unaffected: 6.1.95 , ≤ 6.1.* (semver) Unaffected: 6.6.35 , ≤ 6.6.* (semver) Unaffected: 6.9.6 , ≤ 6.9.* (semver) Unaffected: 6.10 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T21:58:08.367Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/531eab2da27dd42d68dfb841d82e987f4a6738b8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d857df86837ac1c30592e8a068204d16feac9930"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a03a3fa12769e25f4385bee587afe1445aee7f7a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/229bedbf62b13af5aba6525ad10b62ad38d9ccb5"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-40940",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T17:04:30.416293Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:02.181Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/mellanox/mlx5/core/lag/port_sel.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "531eab2da27dd42d68dfb841d82e987f4a6738b8",
"status": "affected",
"version": "352899f384d4aefa77ede6310d08c1b515612a8f",
"versionType": "git"
},
{
"lessThan": "d857df86837ac1c30592e8a068204d16feac9930",
"status": "affected",
"version": "352899f384d4aefa77ede6310d08c1b515612a8f",
"versionType": "git"
},
{
"lessThan": "a03a3fa12769e25f4385bee587afe1445aee7f7a",
"status": "affected",
"version": "352899f384d4aefa77ede6310d08c1b515612a8f",
"versionType": "git"
},
{
"lessThan": "229bedbf62b13af5aba6525ad10b62ad38d9ccb5",
"status": "affected",
"version": "352899f384d4aefa77ede6310d08c1b515612a8f",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/mellanox/mlx5/core/lag/port_sel.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.19"
},
{
"lessThan": "5.19",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.95",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.35",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.95",
"versionStartIncluding": "5.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.35",
"versionStartIncluding": "5.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.6",
"versionStartIncluding": "5.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "5.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Fix tainted pointer delete is case of flow rules creation fail\n\nIn case of flow rule creation fail in mlx5_lag_create_port_sel_table(),\ninstead of previously created rules, the tainted pointer is deleted\ndeveral times.\nFix this bug by using correct flow rules pointers.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:22:47.133Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/531eab2da27dd42d68dfb841d82e987f4a6738b8"
},
{
"url": "https://git.kernel.org/stable/c/d857df86837ac1c30592e8a068204d16feac9930"
},
{
"url": "https://git.kernel.org/stable/c/a03a3fa12769e25f4385bee587afe1445aee7f7a"
},
{
"url": "https://git.kernel.org/stable/c/229bedbf62b13af5aba6525ad10b62ad38d9ccb5"
}
],
"title": "net/mlx5: Fix tainted pointer delete is case of flow rules creation fail",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-40940",
"datePublished": "2024-07-12T12:25:15.808Z",
"dateReserved": "2024-07-12T12:17:45.587Z",
"dateUpdated": "2026-05-11T20:22:47.133Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-40941 (GCVE-0-2024-40941)
Vulnerability from cvelistv5 – Published: 2024-07-12 12:25 – Updated: 2026-05-12 11:55
VLAI
EPSS
Title
wifi: iwlwifi: mvm: don't read past the mfuart notifcation
Summary
In the Linux kernel, the following vulnerability has been resolved:
wifi: iwlwifi: mvm: don't read past the mfuart notifcation
In case the firmware sends a notification that claims it has more data
than it has, we will read past that was allocated for the notification.
Remove the print of the buffer, we won't see it by default. If needed,
we can see the content with tracing.
This was reported by KFENCE.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
11 references
Impacted products
6 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
bdccdb854f2fb473f2ac4a6108df3cbfcedd5a87 , < 15b37c6fab9d5e40ac399fa1c725118588ed649c
(git)
Affected: bdccdb854f2fb473f2ac4a6108df3cbfcedd5a87 , < 6532f18e66b384b8d4b7e5c9caca042faaa9e8de (git) Affected: bdccdb854f2fb473f2ac4a6108df3cbfcedd5a87 , < 46c59a25337049a2a230ce7f7c3b9f21d0aaaad7 (git) Affected: bdccdb854f2fb473f2ac4a6108df3cbfcedd5a87 , < 65686118845d427df27ee83a6ddd4885596b0805 (git) Affected: bdccdb854f2fb473f2ac4a6108df3cbfcedd5a87 , < a8bc8276af9aeacabb773f0c267cfcdb847c6f2d (git) Affected: bdccdb854f2fb473f2ac4a6108df3cbfcedd5a87 , < a05018739a5e6b9dc112c95bd4c59904062c8940 (git) Affected: bdccdb854f2fb473f2ac4a6108df3cbfcedd5a87 , < acdfa33c3cf5e1cd185cc1e0486bd0ea9f09c154 (git) Affected: bdccdb854f2fb473f2ac4a6108df3cbfcedd5a87 , < 4bb95f4535489ed830cf9b34b0a891e384d1aee4 (git) |
|
| Linux | Linux |
Affected:
4.12
Unaffected: 0 , < 4.12 (semver) Unaffected: 4.19.317 , ≤ 4.19.* (semver) Unaffected: 5.4.279 , ≤ 5.4.* (semver) Unaffected: 5.10.221 , ≤ 5.10.* (semver) Unaffected: 5.15.162 , ≤ 5.15.* (semver) Unaffected: 6.1.95 , ≤ 6.1.* (semver) Unaffected: 6.6.35 , ≤ 6.6.* (semver) Unaffected: 6.9.6 , ≤ 6.9.* (semver) Unaffected: 6.10 , ≤ * (original_commit_for_fix) |
|
| Siemens | RUGGEDCOM RST2428P |
Unaffected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family |
Unaffected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE XCM-/XRM-/XCH-/XRH-300 family |
Unaffected:
0 , < *
(custom)
|
|
| Siemens | SIMATIC S7-1500 TM MFP - GNU/Linux subsystem |
Affected:
0 , < *
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T21:58:09.834Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/15b37c6fab9d5e40ac399fa1c725118588ed649c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6532f18e66b384b8d4b7e5c9caca042faaa9e8de"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/46c59a25337049a2a230ce7f7c3b9f21d0aaaad7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/65686118845d427df27ee83a6ddd4885596b0805"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a8bc8276af9aeacabb773f0c267cfcdb847c6f2d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a05018739a5e6b9dc112c95bd4c59904062c8940"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/acdfa33c3cf5e1cd185cc1e0486bd0ea9f09c154"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4bb95f4535489ed830cf9b34b0a891e384d1aee4"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-40941",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T17:04:27.174658Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:02.057Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RST2428P",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XCM-/XRM-/XCH-/XRH-300 family",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 TM MFP - GNU/Linux subsystem",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T11:55:44.146Z",
"orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
"shortName": "siemens-SADP"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-355557.html"
}
],
"x_adpType": "supplier"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/intel/iwlwifi/mvm/fw.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "15b37c6fab9d5e40ac399fa1c725118588ed649c",
"status": "affected",
"version": "bdccdb854f2fb473f2ac4a6108df3cbfcedd5a87",
"versionType": "git"
},
{
"lessThan": "6532f18e66b384b8d4b7e5c9caca042faaa9e8de",
"status": "affected",
"version": "bdccdb854f2fb473f2ac4a6108df3cbfcedd5a87",
"versionType": "git"
},
{
"lessThan": "46c59a25337049a2a230ce7f7c3b9f21d0aaaad7",
"status": "affected",
"version": "bdccdb854f2fb473f2ac4a6108df3cbfcedd5a87",
"versionType": "git"
},
{
"lessThan": "65686118845d427df27ee83a6ddd4885596b0805",
"status": "affected",
"version": "bdccdb854f2fb473f2ac4a6108df3cbfcedd5a87",
"versionType": "git"
},
{
"lessThan": "a8bc8276af9aeacabb773f0c267cfcdb847c6f2d",
"status": "affected",
"version": "bdccdb854f2fb473f2ac4a6108df3cbfcedd5a87",
"versionType": "git"
},
{
"lessThan": "a05018739a5e6b9dc112c95bd4c59904062c8940",
"status": "affected",
"version": "bdccdb854f2fb473f2ac4a6108df3cbfcedd5a87",
"versionType": "git"
},
{
"lessThan": "acdfa33c3cf5e1cd185cc1e0486bd0ea9f09c154",
"status": "affected",
"version": "bdccdb854f2fb473f2ac4a6108df3cbfcedd5a87",
"versionType": "git"
},
{
"lessThan": "4bb95f4535489ed830cf9b34b0a891e384d1aee4",
"status": "affected",
"version": "bdccdb854f2fb473f2ac4a6108df3cbfcedd5a87",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/intel/iwlwifi/mvm/fw.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.12"
},
{
"lessThan": "4.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.317",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.279",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.221",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.162",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.95",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.35",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.317",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.279",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.221",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.162",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.95",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.35",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.6",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "4.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: don\u0027t read past the mfuart notifcation\n\nIn case the firmware sends a notification that claims it has more data\nthan it has, we will read past that was allocated for the notification.\nRemove the print of the buffer, we won\u0027t see it by default. If needed,\nwe can see the content with tracing.\n\nThis was reported by KFENCE."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:22:48.251Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/15b37c6fab9d5e40ac399fa1c725118588ed649c"
},
{
"url": "https://git.kernel.org/stable/c/6532f18e66b384b8d4b7e5c9caca042faaa9e8de"
},
{
"url": "https://git.kernel.org/stable/c/46c59a25337049a2a230ce7f7c3b9f21d0aaaad7"
},
{
"url": "https://git.kernel.org/stable/c/65686118845d427df27ee83a6ddd4885596b0805"
},
{
"url": "https://git.kernel.org/stable/c/a8bc8276af9aeacabb773f0c267cfcdb847c6f2d"
},
{
"url": "https://git.kernel.org/stable/c/a05018739a5e6b9dc112c95bd4c59904062c8940"
},
{
"url": "https://git.kernel.org/stable/c/acdfa33c3cf5e1cd185cc1e0486bd0ea9f09c154"
},
{
"url": "https://git.kernel.org/stable/c/4bb95f4535489ed830cf9b34b0a891e384d1aee4"
}
],
"title": "wifi: iwlwifi: mvm: don\u0027t read past the mfuart notifcation",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-40941",
"datePublished": "2024-07-12T12:25:16.471Z",
"dateReserved": "2024-07-12T12:17:45.587Z",
"dateUpdated": "2026-05-12T11:55:44.146Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-40942 (GCVE-0-2024-40942)
Vulnerability from cvelistv5 – Published: 2024-07-12 12:25 – Updated: 2026-05-12 11:55
VLAI
EPSS
Title
wifi: mac80211: mesh: Fix leak of mesh_preq_queue objects
Summary
In the Linux kernel, the following vulnerability has been resolved:
wifi: mac80211: mesh: Fix leak of mesh_preq_queue objects
The hwmp code use objects of type mesh_preq_queue, added to a list in
ieee80211_if_mesh, to keep track of mpath we need to resolve. If the mpath
gets deleted, ex mesh interface is removed, the entries in that list will
never get cleaned. Fix this by flushing all corresponding items of the
preq_queue in mesh_path_flush_pending().
This should take care of KASAN reports like this:
unreferenced object 0xffff00000668d800 (size 128):
comm "kworker/u8:4", pid 67, jiffies 4295419552 (age 1836.444s)
hex dump (first 32 bytes):
00 1f 05 09 00 00 ff ff 00 d5 68 06 00 00 ff ff ..........h.....
8e 97 ea eb 3e b8 01 00 00 00 00 00 00 00 00 00 ....>...........
backtrace:
[<000000007302a0b6>] __kmem_cache_alloc_node+0x1e0/0x35c
[<00000000049bd418>] kmalloc_trace+0x34/0x80
[<0000000000d792bb>] mesh_queue_preq+0x44/0x2a8
[<00000000c99c3696>] mesh_nexthop_resolve+0x198/0x19c
[<00000000926bf598>] ieee80211_xmit+0x1d0/0x1f4
[<00000000fc8c2284>] __ieee80211_subif_start_xmit+0x30c/0x764
[<000000005926ee38>] ieee80211_subif_start_xmit+0x9c/0x7a4
[<000000004c86e916>] dev_hard_start_xmit+0x174/0x440
[<0000000023495647>] __dev_queue_xmit+0xe24/0x111c
[<00000000cfe9ca78>] batadv_send_skb_packet+0x180/0x1e4
[<000000007bacc5d5>] batadv_v_elp_periodic_work+0x2f4/0x508
[<00000000adc3cd94>] process_one_work+0x4b8/0xa1c
[<00000000b36425d1>] worker_thread+0x9c/0x634
[<0000000005852dd5>] kthread+0x1bc/0x1c4
[<000000005fccd770>] ret_from_fork+0x10/0x20
unreferenced object 0xffff000009051f00 (size 128):
comm "kworker/u8:4", pid 67, jiffies 4295419553 (age 1836.440s)
hex dump (first 32 bytes):
90 d6 92 0d 00 00 ff ff 00 d8 68 06 00 00 ff ff ..........h.....
36 27 92 e4 02 e0 01 00 00 58 79 06 00 00 ff ff 6'.......Xy.....
backtrace:
[<000000007302a0b6>] __kmem_cache_alloc_node+0x1e0/0x35c
[<00000000049bd418>] kmalloc_trace+0x34/0x80
[<0000000000d792bb>] mesh_queue_preq+0x44/0x2a8
[<00000000c99c3696>] mesh_nexthop_resolve+0x198/0x19c
[<00000000926bf598>] ieee80211_xmit+0x1d0/0x1f4
[<00000000fc8c2284>] __ieee80211_subif_start_xmit+0x30c/0x764
[<000000005926ee38>] ieee80211_subif_start_xmit+0x9c/0x7a4
[<000000004c86e916>] dev_hard_start_xmit+0x174/0x440
[<0000000023495647>] __dev_queue_xmit+0xe24/0x111c
[<00000000cfe9ca78>] batadv_send_skb_packet+0x180/0x1e4
[<000000007bacc5d5>] batadv_v_elp_periodic_work+0x2f4/0x508
[<00000000adc3cd94>] process_one_work+0x4b8/0xa1c
[<00000000b36425d1>] worker_thread+0x9c/0x634
[<0000000005852dd5>] kthread+0x1bc/0x1c4
[<000000005fccd770>] ret_from_fork+0x10/0x20
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
11 references
Impacted products
6 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
050ac52cbe1f3de2fb0d06f02c7919ae1f691c9e , < 377dbb220edc8421b7960691876c5b3bef62f89b
(git)
Affected: 050ac52cbe1f3de2fb0d06f02c7919ae1f691c9e , < ec79670eae430b3ffb7e0a6417ad7657728b8f95 (git) Affected: 050ac52cbe1f3de2fb0d06f02c7919ae1f691c9e , < 7518e20a189f8659b8b83969db4d33a4068fcfc3 (git) Affected: 050ac52cbe1f3de2fb0d06f02c7919ae1f691c9e , < c4c865f971fd4a255208f57ef04d814c2ae9e0dc (git) Affected: 050ac52cbe1f3de2fb0d06f02c7919ae1f691c9e , < 617dadbfb2d3e152c5753e28356d189c9d6f33c0 (git) Affected: 050ac52cbe1f3de2fb0d06f02c7919ae1f691c9e , < 63d5f89bb5664d60edbf8cf0df911aaae8ed96a4 (git) Affected: 050ac52cbe1f3de2fb0d06f02c7919ae1f691c9e , < d81e244af521de63ad2883e17571b789c39b6549 (git) Affected: 050ac52cbe1f3de2fb0d06f02c7919ae1f691c9e , < b7d7f11a291830fdf69d3301075dd0fb347ced84 (git) |
|
| Linux | Linux |
Affected:
2.6.26
Unaffected: 0 , < 2.6.26 (semver) Unaffected: 4.19.317 , ≤ 4.19.* (semver) Unaffected: 5.4.279 , ≤ 5.4.* (semver) Unaffected: 5.10.221 , ≤ 5.10.* (semver) Unaffected: 5.15.162 , ≤ 5.15.* (semver) Unaffected: 6.1.95 , ≤ 6.1.* (semver) Unaffected: 6.6.35 , ≤ 6.6.* (semver) Unaffected: 6.9.6 , ≤ 6.9.* (semver) Unaffected: 6.10 , ≤ * (original_commit_for_fix) |
|
| Siemens | RUGGEDCOM RST2428P |
Unaffected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family |
Unaffected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE XCM-/XRM-/XCH-/XRH-300 family |
Unaffected:
0 , < *
(custom)
|
|
| Siemens | SIMATIC S7-1500 TM MFP - GNU/Linux subsystem |
Affected:
0 , < *
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T21:58:11.294Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/377dbb220edc8421b7960691876c5b3bef62f89b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ec79670eae430b3ffb7e0a6417ad7657728b8f95"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7518e20a189f8659b8b83969db4d33a4068fcfc3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c4c865f971fd4a255208f57ef04d814c2ae9e0dc"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/617dadbfb2d3e152c5753e28356d189c9d6f33c0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/63d5f89bb5664d60edbf8cf0df911aaae8ed96a4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d81e244af521de63ad2883e17571b789c39b6549"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b7d7f11a291830fdf69d3301075dd0fb347ced84"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-40942",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T17:04:23.938409Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:25.698Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RST2428P",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XCM-/XRM-/XCH-/XRH-300 family",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 TM MFP - GNU/Linux subsystem",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T11:55:45.364Z",
"orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
"shortName": "siemens-SADP"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-355557.html"
}
],
"x_adpType": "supplier"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/mac80211/mesh_pathtbl.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "377dbb220edc8421b7960691876c5b3bef62f89b",
"status": "affected",
"version": "050ac52cbe1f3de2fb0d06f02c7919ae1f691c9e",
"versionType": "git"
},
{
"lessThan": "ec79670eae430b3ffb7e0a6417ad7657728b8f95",
"status": "affected",
"version": "050ac52cbe1f3de2fb0d06f02c7919ae1f691c9e",
"versionType": "git"
},
{
"lessThan": "7518e20a189f8659b8b83969db4d33a4068fcfc3",
"status": "affected",
"version": "050ac52cbe1f3de2fb0d06f02c7919ae1f691c9e",
"versionType": "git"
},
{
"lessThan": "c4c865f971fd4a255208f57ef04d814c2ae9e0dc",
"status": "affected",
"version": "050ac52cbe1f3de2fb0d06f02c7919ae1f691c9e",
"versionType": "git"
},
{
"lessThan": "617dadbfb2d3e152c5753e28356d189c9d6f33c0",
"status": "affected",
"version": "050ac52cbe1f3de2fb0d06f02c7919ae1f691c9e",
"versionType": "git"
},
{
"lessThan": "63d5f89bb5664d60edbf8cf0df911aaae8ed96a4",
"status": "affected",
"version": "050ac52cbe1f3de2fb0d06f02c7919ae1f691c9e",
"versionType": "git"
},
{
"lessThan": "d81e244af521de63ad2883e17571b789c39b6549",
"status": "affected",
"version": "050ac52cbe1f3de2fb0d06f02c7919ae1f691c9e",
"versionType": "git"
},
{
"lessThan": "b7d7f11a291830fdf69d3301075dd0fb347ced84",
"status": "affected",
"version": "050ac52cbe1f3de2fb0d06f02c7919ae1f691c9e",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/mac80211/mesh_pathtbl.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.26"
},
{
"lessThan": "2.6.26",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.317",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.279",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.221",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.162",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.95",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.35",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.317",
"versionStartIncluding": "2.6.26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.279",
"versionStartIncluding": "2.6.26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.221",
"versionStartIncluding": "2.6.26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.162",
"versionStartIncluding": "2.6.26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.95",
"versionStartIncluding": "2.6.26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.35",
"versionStartIncluding": "2.6.26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.6",
"versionStartIncluding": "2.6.26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "2.6.26",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: mesh: Fix leak of mesh_preq_queue objects\n\nThe hwmp code use objects of type mesh_preq_queue, added to a list in\nieee80211_if_mesh, to keep track of mpath we need to resolve. If the mpath\ngets deleted, ex mesh interface is removed, the entries in that list will\nnever get cleaned. Fix this by flushing all corresponding items of the\npreq_queue in mesh_path_flush_pending().\n\nThis should take care of KASAN reports like this:\n\nunreferenced object 0xffff00000668d800 (size 128):\n comm \"kworker/u8:4\", pid 67, jiffies 4295419552 (age 1836.444s)\n hex dump (first 32 bytes):\n 00 1f 05 09 00 00 ff ff 00 d5 68 06 00 00 ff ff ..........h.....\n 8e 97 ea eb 3e b8 01 00 00 00 00 00 00 00 00 00 ....\u003e...........\n backtrace:\n [\u003c000000007302a0b6\u003e] __kmem_cache_alloc_node+0x1e0/0x35c\n [\u003c00000000049bd418\u003e] kmalloc_trace+0x34/0x80\n [\u003c0000000000d792bb\u003e] mesh_queue_preq+0x44/0x2a8\n [\u003c00000000c99c3696\u003e] mesh_nexthop_resolve+0x198/0x19c\n [\u003c00000000926bf598\u003e] ieee80211_xmit+0x1d0/0x1f4\n [\u003c00000000fc8c2284\u003e] __ieee80211_subif_start_xmit+0x30c/0x764\n [\u003c000000005926ee38\u003e] ieee80211_subif_start_xmit+0x9c/0x7a4\n [\u003c000000004c86e916\u003e] dev_hard_start_xmit+0x174/0x440\n [\u003c0000000023495647\u003e] __dev_queue_xmit+0xe24/0x111c\n [\u003c00000000cfe9ca78\u003e] batadv_send_skb_packet+0x180/0x1e4\n [\u003c000000007bacc5d5\u003e] batadv_v_elp_periodic_work+0x2f4/0x508\n [\u003c00000000adc3cd94\u003e] process_one_work+0x4b8/0xa1c\n [\u003c00000000b36425d1\u003e] worker_thread+0x9c/0x634\n [\u003c0000000005852dd5\u003e] kthread+0x1bc/0x1c4\n [\u003c000000005fccd770\u003e] ret_from_fork+0x10/0x20\nunreferenced object 0xffff000009051f00 (size 128):\n comm \"kworker/u8:4\", pid 67, jiffies 4295419553 (age 1836.440s)\n hex dump (first 32 bytes):\n 90 d6 92 0d 00 00 ff ff 00 d8 68 06 00 00 ff ff ..........h.....\n 36 27 92 e4 02 e0 01 00 00 58 79 06 00 00 ff ff 6\u0027.......Xy.....\n backtrace:\n [\u003c000000007302a0b6\u003e] __kmem_cache_alloc_node+0x1e0/0x35c\n [\u003c00000000049bd418\u003e] kmalloc_trace+0x34/0x80\n [\u003c0000000000d792bb\u003e] mesh_queue_preq+0x44/0x2a8\n [\u003c00000000c99c3696\u003e] mesh_nexthop_resolve+0x198/0x19c\n [\u003c00000000926bf598\u003e] ieee80211_xmit+0x1d0/0x1f4\n [\u003c00000000fc8c2284\u003e] __ieee80211_subif_start_xmit+0x30c/0x764\n [\u003c000000005926ee38\u003e] ieee80211_subif_start_xmit+0x9c/0x7a4\n [\u003c000000004c86e916\u003e] dev_hard_start_xmit+0x174/0x440\n [\u003c0000000023495647\u003e] __dev_queue_xmit+0xe24/0x111c\n [\u003c00000000cfe9ca78\u003e] batadv_send_skb_packet+0x180/0x1e4\n [\u003c000000007bacc5d5\u003e] batadv_v_elp_periodic_work+0x2f4/0x508\n [\u003c00000000adc3cd94\u003e] process_one_work+0x4b8/0xa1c\n [\u003c00000000b36425d1\u003e] worker_thread+0x9c/0x634\n [\u003c0000000005852dd5\u003e] kthread+0x1bc/0x1c4\n [\u003c000000005fccd770\u003e] ret_from_fork+0x10/0x20"
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:22:49.483Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/377dbb220edc8421b7960691876c5b3bef62f89b"
},
{
"url": "https://git.kernel.org/stable/c/ec79670eae430b3ffb7e0a6417ad7657728b8f95"
},
{
"url": "https://git.kernel.org/stable/c/7518e20a189f8659b8b83969db4d33a4068fcfc3"
},
{
"url": "https://git.kernel.org/stable/c/c4c865f971fd4a255208f57ef04d814c2ae9e0dc"
},
{
"url": "https://git.kernel.org/stable/c/617dadbfb2d3e152c5753e28356d189c9d6f33c0"
},
{
"url": "https://git.kernel.org/stable/c/63d5f89bb5664d60edbf8cf0df911aaae8ed96a4"
},
{
"url": "https://git.kernel.org/stable/c/d81e244af521de63ad2883e17571b789c39b6549"
},
{
"url": "https://git.kernel.org/stable/c/b7d7f11a291830fdf69d3301075dd0fb347ced84"
}
],
"title": "wifi: mac80211: mesh: Fix leak of mesh_preq_queue objects",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-40942",
"datePublished": "2024-07-12T12:25:17.149Z",
"dateReserved": "2024-07-12T12:17:45.587Z",
"dateUpdated": "2026-05-12T11:55:45.364Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-40943 (GCVE-0-2024-40943)
Vulnerability from cvelistv5 – Published: 2024-07-12 12:25 – Updated: 2026-05-11 20:22
VLAI
EPSS
Title
ocfs2: fix races between hole punching and AIO+DIO
Summary
In the Linux kernel, the following vulnerability has been resolved:
ocfs2: fix races between hole punching and AIO+DIO
After commit "ocfs2: return real error code in ocfs2_dio_wr_get_block",
fstests/generic/300 become from always failed to sometimes failed:
========================================================================
[ 473.293420 ] run fstests generic/300
[ 475.296983 ] JBD2: Ignoring recovery information on journal
[ 475.302473 ] ocfs2: Mounting device (253,1) on (node local, slot 0) with ordered data mode.
[ 494.290998 ] OCFS2: ERROR (device dm-1): ocfs2_change_extent_flag: Owner 5668 has an extent at cpos 78723 which can no longer be found
[ 494.291609 ] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted.
[ 494.292018 ] OCFS2: File system is now read-only.
[ 494.292224 ] (kworker/19:11,2628,19):ocfs2_mark_extent_written:5272 ERROR: status = -30
[ 494.292602 ] (kworker/19:11,2628,19):ocfs2_dio_end_io_write:2374 ERROR: status = -3
fio: io_u error on file /mnt/scratch/racer: Read-only file system: write offset=460849152, buflen=131072
=========================================================================
In __blockdev_direct_IO, ocfs2_dio_wr_get_block is called to add unwritten
extents to a list. extents are also inserted into extent tree in
ocfs2_write_begin_nolock. Then another thread call fallocate to puch a
hole at one of the unwritten extent. The extent at cpos was removed by
ocfs2_remove_extent(). At end io worker thread, ocfs2_search_extent_list
found there is no such extent at the cpos.
T1 T2 T3
inode lock
...
insert extents
...
inode unlock
ocfs2_fallocate
__ocfs2_change_file_space
inode lock
lock ip_alloc_sem
ocfs2_remove_inode_range inode
ocfs2_remove_btree_range
ocfs2_remove_extent
^---remove the extent at cpos 78723
...
unlock ip_alloc_sem
inode unlock
ocfs2_dio_end_io
ocfs2_dio_end_io_write
lock ip_alloc_sem
ocfs2_mark_extent_written
ocfs2_change_extent_flag
ocfs2_search_extent_list
^---failed to find extent
...
unlock ip_alloc_sem
In most filesystems, fallocate is not compatible with racing with AIO+DIO,
so fix it by adding to wait for all dio before fallocate/punch_hole like
ext4.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
9 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
b25801038da5823bba1b5440a57ca68afc51b6bd , < 3c26b5d21b1239e9c7fd31ba7d9b2d7bdbaa68d9
(git)
Affected: b25801038da5823bba1b5440a57ca68afc51b6bd , < e8e2db1adac47970a6a9225f3858e9aa0e86287f (git) Affected: b25801038da5823bba1b5440a57ca68afc51b6bd , < 050ce8af6838c71e872e982b50d3f1bec21da40e (git) Affected: b25801038da5823bba1b5440a57ca68afc51b6bd , < 38825ff9da91d2854dcf6d9ac320a7e641e10f25 (git) Affected: b25801038da5823bba1b5440a57ca68afc51b6bd , < ea042dc2bea19d72e37c298bf65a9c341ef3fff3 (git) Affected: b25801038da5823bba1b5440a57ca68afc51b6bd , < 3c361f313d696df72f9bccf058510e9ec737b9b1 (git) Affected: b25801038da5823bba1b5440a57ca68afc51b6bd , < 117b9c009b72a6c2ebfd23484354dfee2d9570d2 (git) Affected: b25801038da5823bba1b5440a57ca68afc51b6bd , < 952b023f06a24b2ad6ba67304c4c84d45bea2f18 (git) |
|
| Linux | Linux |
Affected:
2.6.23
Unaffected: 0 , < 2.6.23 (semver) Unaffected: 4.19.317 , ≤ 4.19.* (semver) Unaffected: 5.4.279 , ≤ 5.4.* (semver) Unaffected: 5.10.221 , ≤ 5.10.* (semver) Unaffected: 5.15.162 , ≤ 5.15.* (semver) Unaffected: 6.1.95 , ≤ 6.1.* (semver) Unaffected: 6.6.35 , ≤ 6.6.* (semver) Unaffected: 6.9.6 , ≤ 6.9.* (semver) Unaffected: 6.10 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T21:58:12.745Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3c26b5d21b1239e9c7fd31ba7d9b2d7bdbaa68d9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e8e2db1adac47970a6a9225f3858e9aa0e86287f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/050ce8af6838c71e872e982b50d3f1bec21da40e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/38825ff9da91d2854dcf6d9ac320a7e641e10f25"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ea042dc2bea19d72e37c298bf65a9c341ef3fff3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3c361f313d696df72f9bccf058510e9ec737b9b1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/117b9c009b72a6c2ebfd23484354dfee2d9570d2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/952b023f06a24b2ad6ba67304c4c84d45bea2f18"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-40943",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T17:04:20.780555Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:25.580Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/ocfs2/file.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "3c26b5d21b1239e9c7fd31ba7d9b2d7bdbaa68d9",
"status": "affected",
"version": "b25801038da5823bba1b5440a57ca68afc51b6bd",
"versionType": "git"
},
{
"lessThan": "e8e2db1adac47970a6a9225f3858e9aa0e86287f",
"status": "affected",
"version": "b25801038da5823bba1b5440a57ca68afc51b6bd",
"versionType": "git"
},
{
"lessThan": "050ce8af6838c71e872e982b50d3f1bec21da40e",
"status": "affected",
"version": "b25801038da5823bba1b5440a57ca68afc51b6bd",
"versionType": "git"
},
{
"lessThan": "38825ff9da91d2854dcf6d9ac320a7e641e10f25",
"status": "affected",
"version": "b25801038da5823bba1b5440a57ca68afc51b6bd",
"versionType": "git"
},
{
"lessThan": "ea042dc2bea19d72e37c298bf65a9c341ef3fff3",
"status": "affected",
"version": "b25801038da5823bba1b5440a57ca68afc51b6bd",
"versionType": "git"
},
{
"lessThan": "3c361f313d696df72f9bccf058510e9ec737b9b1",
"status": "affected",
"version": "b25801038da5823bba1b5440a57ca68afc51b6bd",
"versionType": "git"
},
{
"lessThan": "117b9c009b72a6c2ebfd23484354dfee2d9570d2",
"status": "affected",
"version": "b25801038da5823bba1b5440a57ca68afc51b6bd",
"versionType": "git"
},
{
"lessThan": "952b023f06a24b2ad6ba67304c4c84d45bea2f18",
"status": "affected",
"version": "b25801038da5823bba1b5440a57ca68afc51b6bd",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/ocfs2/file.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.23"
},
{
"lessThan": "2.6.23",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.317",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.279",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.221",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.162",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.95",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.35",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.317",
"versionStartIncluding": "2.6.23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.279",
"versionStartIncluding": "2.6.23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.221",
"versionStartIncluding": "2.6.23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.162",
"versionStartIncluding": "2.6.23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.95",
"versionStartIncluding": "2.6.23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.35",
"versionStartIncluding": "2.6.23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.6",
"versionStartIncluding": "2.6.23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "2.6.23",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: fix races between hole punching and AIO+DIO\n\nAfter commit \"ocfs2: return real error code in ocfs2_dio_wr_get_block\",\nfstests/generic/300 become from always failed to sometimes failed:\n\n========================================================================\n[ 473.293420 ] run fstests generic/300\n\n[ 475.296983 ] JBD2: Ignoring recovery information on journal\n[ 475.302473 ] ocfs2: Mounting device (253,1) on (node local, slot 0) with ordered data mode.\n[ 494.290998 ] OCFS2: ERROR (device dm-1): ocfs2_change_extent_flag: Owner 5668 has an extent at cpos 78723 which can no longer be found\n[ 494.291609 ] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted.\n[ 494.292018 ] OCFS2: File system is now read-only.\n[ 494.292224 ] (kworker/19:11,2628,19):ocfs2_mark_extent_written:5272 ERROR: status = -30\n[ 494.292602 ] (kworker/19:11,2628,19):ocfs2_dio_end_io_write:2374 ERROR: status = -3\nfio: io_u error on file /mnt/scratch/racer: Read-only file system: write offset=460849152, buflen=131072\n=========================================================================\n\nIn __blockdev_direct_IO, ocfs2_dio_wr_get_block is called to add unwritten\nextents to a list. extents are also inserted into extent tree in\nocfs2_write_begin_nolock. Then another thread call fallocate to puch a\nhole at one of the unwritten extent. The extent at cpos was removed by\nocfs2_remove_extent(). At end io worker thread, ocfs2_search_extent_list\nfound there is no such extent at the cpos.\n\n T1 T2 T3\n inode lock\n ...\n insert extents\n ...\n inode unlock\nocfs2_fallocate\n __ocfs2_change_file_space\n inode lock\n lock ip_alloc_sem\n ocfs2_remove_inode_range inode\n ocfs2_remove_btree_range\n ocfs2_remove_extent\n ^---remove the extent at cpos 78723\n ...\n unlock ip_alloc_sem\n inode unlock\n ocfs2_dio_end_io\n ocfs2_dio_end_io_write\n lock ip_alloc_sem\n ocfs2_mark_extent_written\n ocfs2_change_extent_flag\n ocfs2_search_extent_list\n ^---failed to find extent\n ...\n unlock ip_alloc_sem\n\nIn most filesystems, fallocate is not compatible with racing with AIO+DIO,\nso fix it by adding to wait for all dio before fallocate/punch_hole like\next4."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:22:50.641Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/3c26b5d21b1239e9c7fd31ba7d9b2d7bdbaa68d9"
},
{
"url": "https://git.kernel.org/stable/c/e8e2db1adac47970a6a9225f3858e9aa0e86287f"
},
{
"url": "https://git.kernel.org/stable/c/050ce8af6838c71e872e982b50d3f1bec21da40e"
},
{
"url": "https://git.kernel.org/stable/c/38825ff9da91d2854dcf6d9ac320a7e641e10f25"
},
{
"url": "https://git.kernel.org/stable/c/ea042dc2bea19d72e37c298bf65a9c341ef3fff3"
},
{
"url": "https://git.kernel.org/stable/c/3c361f313d696df72f9bccf058510e9ec737b9b1"
},
{
"url": "https://git.kernel.org/stable/c/117b9c009b72a6c2ebfd23484354dfee2d9570d2"
},
{
"url": "https://git.kernel.org/stable/c/952b023f06a24b2ad6ba67304c4c84d45bea2f18"
}
],
"title": "ocfs2: fix races between hole punching and AIO+DIO",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-40943",
"datePublished": "2024-07-12T12:25:17.813Z",
"dateReserved": "2024-07-12T12:17:45.588Z",
"dateUpdated": "2026-05-11T20:22:50.641Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-40945 (GCVE-0-2024-40945)
Vulnerability from cvelistv5 – Published: 2024-07-12 12:25 – Updated: 2026-05-12 11:55
VLAI
EPSS
Title
iommu: Return right value in iommu_sva_bind_device()
Summary
In the Linux kernel, the following vulnerability has been resolved:
iommu: Return right value in iommu_sva_bind_device()
iommu_sva_bind_device() should return either a sva bond handle or an
ERR_PTR value in error cases. Existing drivers (idxd and uacce) only
check the return value with IS_ERR(). This could potentially lead to
a kernel NULL pointer dereference issue if the function returns NULL
instead of an error pointer.
In reality, this doesn't cause any problems because iommu_sva_bind_device()
only returns NULL when the kernel is not configured with CONFIG_IOMMU_SVA.
In this case, iommu_dev_enable_feature(dev, IOMMU_DEV_FEAT_SVA) will
return an error, and the device drivers won't call iommu_sva_bind_device()
at all.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
11 references
Impacted products
8 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
26b25a2b98e45aeb40eedcedc586ad5034cbd984 , < 700f564758882db7c039dfba9443fe762561a3f8
(git)
Affected: 26b25a2b98e45aeb40eedcedc586ad5034cbd984 , < cf34f8f66982a36e5cba0d05781b21ec9606b91e (git) Affected: 26b25a2b98e45aeb40eedcedc586ad5034cbd984 , < 2973b8e7d127754de9013177c41c0b5547406998 (git) Affected: 26b25a2b98e45aeb40eedcedc586ad5034cbd984 , < 6325eab6c108fed27f60ff51852e3eac0ba23f3f (git) Affected: 26b25a2b98e45aeb40eedcedc586ad5034cbd984 , < 7388ae6f26c0ba95f70cc96bf9c5d5cb06c908b6 (git) Affected: 26b25a2b98e45aeb40eedcedc586ad5034cbd984 , < 61a96da9649a6b6a1a5d5bde9374b045fdb5c12e (git) Affected: 26b25a2b98e45aeb40eedcedc586ad5034cbd984 , < 89e8a2366e3bce584b6c01549d5019c5cda1205e (git) |
|
| Linux | Linux |
Affected:
5.2
Unaffected: 0 , < 5.2 (semver) Unaffected: 5.4.279 , ≤ 5.4.* (semver) Unaffected: 5.10.221 , ≤ 5.10.* (semver) Unaffected: 5.15.162 , ≤ 5.15.* (semver) Unaffected: 6.1.129 , ≤ 6.1.* (semver) Unaffected: 6.6.35 , ≤ 6.6.* (semver) Unaffected: 6.9.6 , ≤ 6.9.* (semver) Unaffected: 6.10 , ≤ * (original_commit_for_fix) |
|
| Siemens | RUGGEDCOM RST2428P |
Affected:
0 , < V3.1
(custom)
|
|
| Siemens | RUGGEDCOM RST2428P |
Unaffected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family |
Unaffected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE XCM-/XRM-/XCH-/XRH-300 family |
Affected:
0 , < V3.1
(custom)
|
|
| Siemens | SCALANCE XCM-/XRM-/XCH-/XRH-300 family |
Unaffected:
0 , < *
(custom)
|
|
| Siemens | SIMATIC S7-1500 TM MFP - GNU/Linux subsystem |
Affected:
0 , < *
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:30:25.132Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/700f564758882db7c039dfba9443fe762561a3f8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cf34f8f66982a36e5cba0d05781b21ec9606b91e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2973b8e7d127754de9013177c41c0b5547406998"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7388ae6f26c0ba95f70cc96bf9c5d5cb06c908b6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/61a96da9649a6b6a1a5d5bde9374b045fdb5c12e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/89e8a2366e3bce584b6c01549d5019c5cda1205e"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00028.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-40945",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T17:04:14.417698Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:25.334Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RST2428P",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RST2428P",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XCM-/XRM-/XCH-/XRH-300 family",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XCM-/XRM-/XCH-/XRH-300 family",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 TM MFP - GNU/Linux subsystem",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T11:55:46.795Z",
"orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
"shortName": "siemens-SADP"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-613116.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-355557.html"
}
],
"x_adpType": "supplier"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"include/linux/iommu.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "700f564758882db7c039dfba9443fe762561a3f8",
"status": "affected",
"version": "26b25a2b98e45aeb40eedcedc586ad5034cbd984",
"versionType": "git"
},
{
"lessThan": "cf34f8f66982a36e5cba0d05781b21ec9606b91e",
"status": "affected",
"version": "26b25a2b98e45aeb40eedcedc586ad5034cbd984",
"versionType": "git"
},
{
"lessThan": "2973b8e7d127754de9013177c41c0b5547406998",
"status": "affected",
"version": "26b25a2b98e45aeb40eedcedc586ad5034cbd984",
"versionType": "git"
},
{
"lessThan": "6325eab6c108fed27f60ff51852e3eac0ba23f3f",
"status": "affected",
"version": "26b25a2b98e45aeb40eedcedc586ad5034cbd984",
"versionType": "git"
},
{
"lessThan": "7388ae6f26c0ba95f70cc96bf9c5d5cb06c908b6",
"status": "affected",
"version": "26b25a2b98e45aeb40eedcedc586ad5034cbd984",
"versionType": "git"
},
{
"lessThan": "61a96da9649a6b6a1a5d5bde9374b045fdb5c12e",
"status": "affected",
"version": "26b25a2b98e45aeb40eedcedc586ad5034cbd984",
"versionType": "git"
},
{
"lessThan": "89e8a2366e3bce584b6c01549d5019c5cda1205e",
"status": "affected",
"version": "26b25a2b98e45aeb40eedcedc586ad5034cbd984",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"include/linux/iommu.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.2"
},
{
"lessThan": "5.2",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.279",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.221",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.162",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.129",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.35",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.279",
"versionStartIncluding": "5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.221",
"versionStartIncluding": "5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.162",
"versionStartIncluding": "5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.129",
"versionStartIncluding": "5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.35",
"versionStartIncluding": "5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.6",
"versionStartIncluding": "5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "5.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu: Return right value in iommu_sva_bind_device()\n\niommu_sva_bind_device() should return either a sva bond handle or an\nERR_PTR value in error cases. Existing drivers (idxd and uacce) only\ncheck the return value with IS_ERR(). This could potentially lead to\na kernel NULL pointer dereference issue if the function returns NULL\ninstead of an error pointer.\n\nIn reality, this doesn\u0027t cause any problems because iommu_sva_bind_device()\nonly returns NULL when the kernel is not configured with CONFIG_IOMMU_SVA.\nIn this case, iommu_dev_enable_feature(dev, IOMMU_DEV_FEAT_SVA) will\nreturn an error, and the device drivers won\u0027t call iommu_sva_bind_device()\nat all."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:22:53.243Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/700f564758882db7c039dfba9443fe762561a3f8"
},
{
"url": "https://git.kernel.org/stable/c/cf34f8f66982a36e5cba0d05781b21ec9606b91e"
},
{
"url": "https://git.kernel.org/stable/c/2973b8e7d127754de9013177c41c0b5547406998"
},
{
"url": "https://git.kernel.org/stable/c/6325eab6c108fed27f60ff51852e3eac0ba23f3f"
},
{
"url": "https://git.kernel.org/stable/c/7388ae6f26c0ba95f70cc96bf9c5d5cb06c908b6"
},
{
"url": "https://git.kernel.org/stable/c/61a96da9649a6b6a1a5d5bde9374b045fdb5c12e"
},
{
"url": "https://git.kernel.org/stable/c/89e8a2366e3bce584b6c01549d5019c5cda1205e"
}
],
"title": "iommu: Return right value in iommu_sva_bind_device()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-40945",
"datePublished": "2024-07-12T12:25:19.164Z",
"dateReserved": "2024-07-12T12:17:45.588Z",
"dateUpdated": "2026-05-12T11:55:46.795Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-40947 (GCVE-0-2024-40947)
Vulnerability from cvelistv5 – Published: 2024-07-12 12:31 – Updated: 2026-05-23 15:51
VLAI
EPSS
Title
ima: Avoid blocking in RCU read-side critical section
Summary
In the Linux kernel, the following vulnerability has been resolved:
ima: Avoid blocking in RCU read-side critical section
A panic happens in ima_match_policy:
BUG: unable to handle kernel NULL pointer dereference at 0000000000000010
PGD 42f873067 P4D 0
Oops: 0000 [#1] SMP NOPTI
CPU: 5 PID: 1286325 Comm: kubeletmonit.sh
Kdump: loaded Tainted: P
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996),
BIOS 0.0.0 02/06/2015
RIP: 0010:ima_match_policy+0x84/0x450
Code: 49 89 fc 41 89 cf 31 ed 89 44 24 14 eb 1c 44 39
7b 18 74 26 41 83 ff 05 74 20 48 8b 1b 48 3b 1d
f2 b9 f4 00 0f 84 9c 01 00 00 <44> 85 73 10 74 ea
44 8b 6b 14 41 f6 c5 01 75 d4 41 f6 c5 02 74 0f
RSP: 0018:ff71570009e07a80 EFLAGS: 00010207
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000200
RDX: ffffffffad8dc7c0 RSI: 0000000024924925 RDI: ff3e27850dea2000
RBP: 0000000000000000 R08: 0000000000000000 R09: ffffffffabfce739
R10: ff3e27810cc42400 R11: 0000000000000000 R12: ff3e2781825ef970
R13: 00000000ff3e2785 R14: 000000000000000c R15: 0000000000000001
FS: 00007f5195b51740(0000)
GS:ff3e278b12d40000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000010 CR3: 0000000626d24002 CR4: 0000000000361ee0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
ima_get_action+0x22/0x30
process_measurement+0xb0/0x830
? page_add_file_rmap+0x15/0x170
? alloc_set_pte+0x269/0x4c0
? prep_new_page+0x81/0x140
? simple_xattr_get+0x75/0xa0
? selinux_file_open+0x9d/0xf0
ima_file_check+0x64/0x90
path_openat+0x571/0x1720
do_filp_open+0x9b/0x110
? page_counter_try_charge+0x57/0xc0
? files_cgroup_alloc_fd+0x38/0x60
? __alloc_fd+0xd4/0x250
? do_sys_open+0x1bd/0x250
do_sys_open+0x1bd/0x250
do_syscall_64+0x5d/0x1d0
entry_SYSCALL_64_after_hwframe+0x65/0xca
Commit c7423dbdbc9e ("ima: Handle -ESTALE returned by
ima_filter_rule_match()") introduced call to ima_lsm_copy_rule within a
RCU read-side critical section which contains kmalloc with GFP_KERNEL.
This implies a possible sleep and violates limitations of RCU read-side
critical sections on non-PREEMPT systems.
Sleeping within RCU read-side critical section might cause
synchronize_rcu() returning early and break RCU protection, allowing a
UAF to happen.
The root cause of this issue could be described as follows:
| Thread A | Thread B |
| |ima_match_policy |
| | rcu_read_lock |
|ima_lsm_update_rule | |
| synchronize_rcu | |
| | kmalloc(GFP_KERNEL)|
| | sleep |
==> synchronize_rcu returns early
| kfree(entry) | |
| | entry = entry->next|
==> UAF happens and entry now becomes NULL (or could be anything).
| | entry->action |
==> Accessing entry might cause panic.
To fix this issue, we are converting all kmalloc that is called within
RCU read-side critical section to use GFP_ATOMIC.
[PM: fixed missing comment, long lines, !CONFIG_IMA_LSM_RULES case]
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
7 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
c4b035b1f036ddd53fbfced49046e586c5ad8a3e , < a6176a802c4bfb83bf7524591aa75f44a639a853
(git)
Affected: 2d4bc60693c4206c64723e94ae5f7a04c0b8f18f , < a38e02265c681b51997a264aaf743095e2ee400a (git) Affected: 8008f1691c15f353f5a53dc5d450b8262cb57421 , < 9c3906c3738562b1fedc6f1cfc81756a7cfefff0 (git) Affected: c7423dbdbc9ecef7fff5239d144cad4b9887f4de , < 28d0ecc52f6c927d0e9ba70a4f2c1ea15453ee88 (git) Affected: c7423dbdbc9ecef7fff5239d144cad4b9887f4de , < 58275455893066149e9f4df2223ab2fdbdc59f9c (git) Affected: c7423dbdbc9ecef7fff5239d144cad4b9887f4de , < 9a95c5bfbf02a0a7f5983280fe284a0ff0836c34 (git) Affected: 38d48fd224036717fcb3437e7af1314f6ebcd2d0 (git) Affected: 69c60b2a2dbb4887739d3a13297cc0dae3793f35 (git) Affected: 5.10.163 , < 5.10.222 (semver) Affected: 5.15.86 , < 5.15.163 (semver) Affected: 6.1.2 , < 6.1.98 (semver) Affected: 5.4.229 , < 5.5 (semver) Affected: 6.0.16 , < 6.1 (semver) |
|
| Linux | Linux |
Affected:
6.2
Unaffected: 0 , < 6.2 (semver) Unaffected: 5.10.222 , ≤ 5.10.* (semver) Unaffected: 5.15.163 , ≤ 5.15.* (semver) Unaffected: 6.1.98 , ≤ 6.1.* (semver) Unaffected: 6.6.39 , ≤ 6.6.* (semver) Unaffected: 6.9.7 , ≤ 6.9.* (semver) Unaffected: 6.10 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T21:58:14.185Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a6176a802c4bfb83bf7524591aa75f44a639a853"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a38e02265c681b51997a264aaf743095e2ee400a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9c3906c3738562b1fedc6f1cfc81756a7cfefff0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/28d0ecc52f6c927d0e9ba70a4f2c1ea15453ee88"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/58275455893066149e9f4df2223ab2fdbdc59f9c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9a95c5bfbf02a0a7f5983280fe284a0ff0836c34"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-40947",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T17:04:11.306292Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:25.214Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"include/linux/lsm_hook_defs.h",
"include/linux/security.h",
"kernel/auditfilter.c",
"security/apparmor/audit.c",
"security/apparmor/include/audit.h",
"security/integrity/ima/ima.h",
"security/integrity/ima/ima_policy.c",
"security/security.c",
"security/selinux/include/audit.h",
"security/selinux/ss/services.c",
"security/smack/smack_lsm.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "a6176a802c4bfb83bf7524591aa75f44a639a853",
"status": "affected",
"version": "c4b035b1f036ddd53fbfced49046e586c5ad8a3e",
"versionType": "git"
},
{
"lessThan": "a38e02265c681b51997a264aaf743095e2ee400a",
"status": "affected",
"version": "2d4bc60693c4206c64723e94ae5f7a04c0b8f18f",
"versionType": "git"
},
{
"lessThan": "9c3906c3738562b1fedc6f1cfc81756a7cfefff0",
"status": "affected",
"version": "8008f1691c15f353f5a53dc5d450b8262cb57421",
"versionType": "git"
},
{
"lessThan": "28d0ecc52f6c927d0e9ba70a4f2c1ea15453ee88",
"status": "affected",
"version": "c7423dbdbc9ecef7fff5239d144cad4b9887f4de",
"versionType": "git"
},
{
"lessThan": "58275455893066149e9f4df2223ab2fdbdc59f9c",
"status": "affected",
"version": "c7423dbdbc9ecef7fff5239d144cad4b9887f4de",
"versionType": "git"
},
{
"lessThan": "9a95c5bfbf02a0a7f5983280fe284a0ff0836c34",
"status": "affected",
"version": "c7423dbdbc9ecef7fff5239d144cad4b9887f4de",
"versionType": "git"
},
{
"status": "affected",
"version": "38d48fd224036717fcb3437e7af1314f6ebcd2d0",
"versionType": "git"
},
{
"status": "affected",
"version": "69c60b2a2dbb4887739d3a13297cc0dae3793f35",
"versionType": "git"
},
{
"lessThan": "5.10.222",
"status": "affected",
"version": "5.10.163",
"versionType": "semver"
},
{
"lessThan": "5.15.163",
"status": "affected",
"version": "5.15.86",
"versionType": "semver"
},
{
"lessThan": "6.1.98",
"status": "affected",
"version": "6.1.2",
"versionType": "semver"
},
{
"lessThan": "5.5",
"status": "affected",
"version": "5.4.229",
"versionType": "semver"
},
{
"lessThan": "6.1",
"status": "affected",
"version": "6.0.16",
"versionType": "semver"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"include/linux/lsm_hook_defs.h",
"include/linux/security.h",
"kernel/auditfilter.c",
"security/apparmor/audit.c",
"security/apparmor/include/audit.h",
"security/integrity/ima/ima.h",
"security/integrity/ima/ima_policy.c",
"security/security.c",
"security/selinux/include/audit.h",
"security/selinux/ss/services.c",
"security/smack/smack_lsm.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.2"
},
{
"lessThan": "6.2",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.222",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.163",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.98",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.39",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.222",
"versionStartIncluding": "5.10.163",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.163",
"versionStartIncluding": "5.15.86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.98",
"versionStartIncluding": "6.1.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.39",
"versionStartIncluding": "6.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.7",
"versionStartIncluding": "6.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "6.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.4.229",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.0.16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nima: Avoid blocking in RCU read-side critical section\n\nA panic happens in ima_match_policy:\n\nBUG: unable to handle kernel NULL pointer dereference at 0000000000000010\nPGD 42f873067 P4D 0\nOops: 0000 [#1] SMP NOPTI\nCPU: 5 PID: 1286325 Comm: kubeletmonit.sh\nKdump: loaded Tainted: P\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996),\n BIOS 0.0.0 02/06/2015\nRIP: 0010:ima_match_policy+0x84/0x450\nCode: 49 89 fc 41 89 cf 31 ed 89 44 24 14 eb 1c 44 39\n 7b 18 74 26 41 83 ff 05 74 20 48 8b 1b 48 3b 1d\n f2 b9 f4 00 0f 84 9c 01 00 00 \u003c44\u003e 85 73 10 74 ea\n 44 8b 6b 14 41 f6 c5 01 75 d4 41 f6 c5 02 74 0f\nRSP: 0018:ff71570009e07a80 EFLAGS: 00010207\nRAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000200\nRDX: ffffffffad8dc7c0 RSI: 0000000024924925 RDI: ff3e27850dea2000\nRBP: 0000000000000000 R08: 0000000000000000 R09: ffffffffabfce739\nR10: ff3e27810cc42400 R11: 0000000000000000 R12: ff3e2781825ef970\nR13: 00000000ff3e2785 R14: 000000000000000c R15: 0000000000000001\nFS: 00007f5195b51740(0000)\nGS:ff3e278b12d40000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000010 CR3: 0000000626d24002 CR4: 0000000000361ee0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n ima_get_action+0x22/0x30\n process_measurement+0xb0/0x830\n ? page_add_file_rmap+0x15/0x170\n ? alloc_set_pte+0x269/0x4c0\n ? prep_new_page+0x81/0x140\n ? simple_xattr_get+0x75/0xa0\n ? selinux_file_open+0x9d/0xf0\n ima_file_check+0x64/0x90\n path_openat+0x571/0x1720\n do_filp_open+0x9b/0x110\n ? page_counter_try_charge+0x57/0xc0\n ? files_cgroup_alloc_fd+0x38/0x60\n ? __alloc_fd+0xd4/0x250\n ? do_sys_open+0x1bd/0x250\n do_sys_open+0x1bd/0x250\n do_syscall_64+0x5d/0x1d0\n entry_SYSCALL_64_after_hwframe+0x65/0xca\n\nCommit c7423dbdbc9e (\"ima: Handle -ESTALE returned by\nima_filter_rule_match()\") introduced call to ima_lsm_copy_rule within a\nRCU read-side critical section which contains kmalloc with GFP_KERNEL.\nThis implies a possible sleep and violates limitations of RCU read-side\ncritical sections on non-PREEMPT systems.\n\nSleeping within RCU read-side critical section might cause\nsynchronize_rcu() returning early and break RCU protection, allowing a\nUAF to happen.\n\nThe root cause of this issue could be described as follows:\n|\tThread A\t|\tThread B\t|\n|\t\t\t|ima_match_policy\t|\n|\t\t\t| rcu_read_lock\t|\n|ima_lsm_update_rule\t|\t\t\t|\n| synchronize_rcu\t|\t\t\t|\n|\t\t\t| kmalloc(GFP_KERNEL)|\n|\t\t\t| sleep\t\t|\n==\u003e synchronize_rcu returns early\n| kfree(entry)\t\t|\t\t\t|\n|\t\t\t| entry = entry-\u003enext|\n==\u003e UAF happens and entry now becomes NULL (or could be anything).\n|\t\t\t| entry-\u003eaction\t|\n==\u003e Accessing entry might cause panic.\n\nTo fix this issue, we are converting all kmalloc that is called within\nRCU read-side critical section to use GFP_ATOMIC.\n\n[PM: fixed missing comment, long lines, !CONFIG_IMA_LSM_RULES case]"
}
],
"providerMetadata": {
"dateUpdated": "2026-05-23T15:51:10.874Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/a6176a802c4bfb83bf7524591aa75f44a639a853"
},
{
"url": "https://git.kernel.org/stable/c/a38e02265c681b51997a264aaf743095e2ee400a"
},
{
"url": "https://git.kernel.org/stable/c/9c3906c3738562b1fedc6f1cfc81756a7cfefff0"
},
{
"url": "https://git.kernel.org/stable/c/28d0ecc52f6c927d0e9ba70a4f2c1ea15453ee88"
},
{
"url": "https://git.kernel.org/stable/c/58275455893066149e9f4df2223ab2fdbdc59f9c"
},
{
"url": "https://git.kernel.org/stable/c/9a95c5bfbf02a0a7f5983280fe284a0ff0836c34"
}
],
"title": "ima: Avoid blocking in RCU read-side critical section",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-40947",
"datePublished": "2024-07-12T12:31:52.810Z",
"dateReserved": "2024-07-12T12:17:45.589Z",
"dateUpdated": "2026-05-23T15:51:10.874Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-40948 (GCVE-0-2024-40948)
Vulnerability from cvelistv5 – Published: 2024-07-12 12:31 – Updated: 2026-05-11 20:22
VLAI
EPSS
Title
mm/page_table_check: fix crash on ZONE_DEVICE
Summary
In the Linux kernel, the following vulnerability has been resolved:
mm/page_table_check: fix crash on ZONE_DEVICE
Not all pages may apply to pgtable check. One example is ZONE_DEVICE
pages: they map PFNs directly, and they don't allocate page_ext at all
even if there's struct page around. One may reference
devm_memremap_pages().
When both ZONE_DEVICE and page-table-check enabled, then try to map some
dax memories, one can trigger kernel bug constantly now when the kernel
was trying to inject some pfn maps on the dax device:
kernel BUG at mm/page_table_check.c:55!
While it's pretty legal to use set_pxx_at() for ZONE_DEVICE pages for page
fault resolutions, skip all the checks if page_ext doesn't even exist in
pgtable checker, which applies to ZONE_DEVICE but maybe more.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
df4e817b710809425d899340dbfa8504a3ca4ba5 , < 51897f99351fff7b57f4f141940fa93b4e90fd2b
(git)
Affected: df4e817b710809425d899340dbfa8504a3ca4ba5 , < 84d3549d54f5ff9fa3281257be3019386f51d1a0 (git) Affected: df4e817b710809425d899340dbfa8504a3ca4ba5 , < dec2382247860d2134c8d41e103e26460c099629 (git) Affected: df4e817b710809425d899340dbfa8504a3ca4ba5 , < 8bb592c2eca8fd2bc06db7d80b38da18da4a2f43 (git) |
|
| Linux | Linux |
Affected:
5.17
Unaffected: 0 , < 5.17 (semver) Unaffected: 6.1.96 , ≤ 6.1.* (semver) Unaffected: 6.6.36 , ≤ 6.6.* (semver) Unaffected: 6.9.7 , ≤ 6.9.* (semver) Unaffected: 6.10 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T21:58:15.639Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/51897f99351fff7b57f4f141940fa93b4e90fd2b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/84d3549d54f5ff9fa3281257be3019386f51d1a0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/dec2382247860d2134c8d41e103e26460c099629"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8bb592c2eca8fd2bc06db7d80b38da18da4a2f43"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-40948",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T17:04:08.155956Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:25.080Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"mm/page_table_check.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "51897f99351fff7b57f4f141940fa93b4e90fd2b",
"status": "affected",
"version": "df4e817b710809425d899340dbfa8504a3ca4ba5",
"versionType": "git"
},
{
"lessThan": "84d3549d54f5ff9fa3281257be3019386f51d1a0",
"status": "affected",
"version": "df4e817b710809425d899340dbfa8504a3ca4ba5",
"versionType": "git"
},
{
"lessThan": "dec2382247860d2134c8d41e103e26460c099629",
"status": "affected",
"version": "df4e817b710809425d899340dbfa8504a3ca4ba5",
"versionType": "git"
},
{
"lessThan": "8bb592c2eca8fd2bc06db7d80b38da18da4a2f43",
"status": "affected",
"version": "df4e817b710809425d899340dbfa8504a3ca4ba5",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"mm/page_table_check.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.17"
},
{
"lessThan": "5.17",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.96",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.36",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.96",
"versionStartIncluding": "5.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.36",
"versionStartIncluding": "5.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.7",
"versionStartIncluding": "5.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "5.17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/page_table_check: fix crash on ZONE_DEVICE\n\nNot all pages may apply to pgtable check. One example is ZONE_DEVICE\npages: they map PFNs directly, and they don\u0027t allocate page_ext at all\neven if there\u0027s struct page around. One may reference\ndevm_memremap_pages().\n\nWhen both ZONE_DEVICE and page-table-check enabled, then try to map some\ndax memories, one can trigger kernel bug constantly now when the kernel\nwas trying to inject some pfn maps on the dax device:\n\n kernel BUG at mm/page_table_check.c:55!\n\nWhile it\u0027s pretty legal to use set_pxx_at() for ZONE_DEVICE pages for page\nfault resolutions, skip all the checks if page_ext doesn\u0027t even exist in\npgtable checker, which applies to ZONE_DEVICE but maybe more."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:22:55.621Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/51897f99351fff7b57f4f141940fa93b4e90fd2b"
},
{
"url": "https://git.kernel.org/stable/c/84d3549d54f5ff9fa3281257be3019386f51d1a0"
},
{
"url": "https://git.kernel.org/stable/c/dec2382247860d2134c8d41e103e26460c099629"
},
{
"url": "https://git.kernel.org/stable/c/8bb592c2eca8fd2bc06db7d80b38da18da4a2f43"
}
],
"title": "mm/page_table_check: fix crash on ZONE_DEVICE",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-40948",
"datePublished": "2024-07-12T12:31:53.478Z",
"dateReserved": "2024-07-12T12:17:45.591Z",
"dateUpdated": "2026-05-11T20:22:55.621Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-40953 (GCVE-0-2024-40953)
Vulnerability from cvelistv5 – Published: 2024-07-12 12:31 – Updated: 2026-05-11 20:23
VLAI
EPSS
Title
KVM: Fix a data race on last_boosted_vcpu in kvm_vcpu_on_spin()
Summary
In the Linux kernel, the following vulnerability has been resolved:
KVM: Fix a data race on last_boosted_vcpu in kvm_vcpu_on_spin()
Use {READ,WRITE}_ONCE() to access kvm->last_boosted_vcpu to ensure the
loads and stores are atomic. In the extremely unlikely scenario the
compiler tears the stores, it's theoretically possible for KVM to attempt
to get a vCPU using an out-of-bounds index, e.g. if the write is split
into multiple 8-bit stores, and is paired with a 32-bit load on a VM with
257 vCPUs:
CPU0 CPU1
last_boosted_vcpu = 0xff;
(last_boosted_vcpu = 0x100)
last_boosted_vcpu[15:8] = 0x01;
i = (last_boosted_vcpu = 0x1ff)
last_boosted_vcpu[7:0] = 0x00;
vcpu = kvm->vcpu_array[0x1ff];
As detected by KCSAN:
BUG: KCSAN: data-race in kvm_vcpu_on_spin [kvm] / kvm_vcpu_on_spin [kvm]
write to 0xffffc90025a92344 of 4 bytes by task 4340 on cpu 16:
kvm_vcpu_on_spin (arch/x86/kvm/../../../virt/kvm/kvm_main.c:4112) kvm
handle_pause (arch/x86/kvm/vmx/vmx.c:5929) kvm_intel
vmx_handle_exit (arch/x86/kvm/vmx/vmx.c:?
arch/x86/kvm/vmx/vmx.c:6606) kvm_intel
vcpu_run (arch/x86/kvm/x86.c:11107 arch/x86/kvm/x86.c:11211) kvm
kvm_arch_vcpu_ioctl_run (arch/x86/kvm/x86.c:?) kvm
kvm_vcpu_ioctl (arch/x86/kvm/../../../virt/kvm/kvm_main.c:?) kvm
__se_sys_ioctl (fs/ioctl.c:52 fs/ioctl.c:904 fs/ioctl.c:890)
__x64_sys_ioctl (fs/ioctl.c:890)
x64_sys_call (arch/x86/entry/syscall_64.c:33)
do_syscall_64 (arch/x86/entry/common.c:?)
entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)
read to 0xffffc90025a92344 of 4 bytes by task 4342 on cpu 4:
kvm_vcpu_on_spin (arch/x86/kvm/../../../virt/kvm/kvm_main.c:4069) kvm
handle_pause (arch/x86/kvm/vmx/vmx.c:5929) kvm_intel
vmx_handle_exit (arch/x86/kvm/vmx/vmx.c:?
arch/x86/kvm/vmx/vmx.c:6606) kvm_intel
vcpu_run (arch/x86/kvm/x86.c:11107 arch/x86/kvm/x86.c:11211) kvm
kvm_arch_vcpu_ioctl_run (arch/x86/kvm/x86.c:?) kvm
kvm_vcpu_ioctl (arch/x86/kvm/../../../virt/kvm/kvm_main.c:?) kvm
__se_sys_ioctl (fs/ioctl.c:52 fs/ioctl.c:904 fs/ioctl.c:890)
__x64_sys_ioctl (fs/ioctl.c:890)
x64_sys_call (arch/x86/entry/syscall_64.c:33)
do_syscall_64 (arch/x86/entry/common.c:?)
entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)
value changed: 0x00000012 -> 0x00000000
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
10 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
217ece6129f2d3b4fdd18d9e79be9e43d8d14a42 , < 11a772d5376aa6d3e2e69b5b5c585f79b60c0e17
(git)
Affected: 217ece6129f2d3b4fdd18d9e79be9e43d8d14a42 , < 4c141136a28421b78f34969b25a4fa32e06e2180 (git) Affected: 217ece6129f2d3b4fdd18d9e79be9e43d8d14a42 , < 71fbc3af3dacb26c3aa2f30bb3ab05c44d082c84 (git) Affected: 217ece6129f2d3b4fdd18d9e79be9e43d8d14a42 , < 82bd728a06e55f5b5f93d10ce67f4fe7e689853a (git) Affected: 217ece6129f2d3b4fdd18d9e79be9e43d8d14a42 , < 92c77807d938145c7c3350c944ef9f39d7f6017c (git) Affected: 217ece6129f2d3b4fdd18d9e79be9e43d8d14a42 , < a937ef951bba72f48d2402451419d725d70dba20 (git) Affected: 217ece6129f2d3b4fdd18d9e79be9e43d8d14a42 , < 95c8dd79f3a14df96b3820b35b8399bd91b2be60 (git) Affected: 217ece6129f2d3b4fdd18d9e79be9e43d8d14a42 , < 49f683b41f28918df3e51ddc0d928cb2e934ccdb (git) |
|
| Linux | Linux |
Affected:
2.6.39
Unaffected: 0 , < 2.6.39 (semver) Unaffected: 4.19.323 , ≤ 4.19.* (semver) Unaffected: 5.4.285 , ≤ 5.4.* (semver) Unaffected: 5.10.228 , ≤ 5.10.* (semver) Unaffected: 5.15.169 , ≤ 5.15.* (semver) Unaffected: 6.1.96 , ≤ 6.1.* (semver) Unaffected: 6.6.36 , ≤ 6.6.* (semver) Unaffected: 6.9.7 , ≤ 6.9.* (semver) Unaffected: 6.10 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T21:58:17.097Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/92c77807d938145c7c3350c944ef9f39d7f6017c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a937ef951bba72f48d2402451419d725d70dba20"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/95c8dd79f3a14df96b3820b35b8399bd91b2be60"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/49f683b41f28918df3e51ddc0d928cb2e934ccdb"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-40953",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T17:03:52.034893Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:24.499Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"virt/kvm/kvm_main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "11a772d5376aa6d3e2e69b5b5c585f79b60c0e17",
"status": "affected",
"version": "217ece6129f2d3b4fdd18d9e79be9e43d8d14a42",
"versionType": "git"
},
{
"lessThan": "4c141136a28421b78f34969b25a4fa32e06e2180",
"status": "affected",
"version": "217ece6129f2d3b4fdd18d9e79be9e43d8d14a42",
"versionType": "git"
},
{
"lessThan": "71fbc3af3dacb26c3aa2f30bb3ab05c44d082c84",
"status": "affected",
"version": "217ece6129f2d3b4fdd18d9e79be9e43d8d14a42",
"versionType": "git"
},
{
"lessThan": "82bd728a06e55f5b5f93d10ce67f4fe7e689853a",
"status": "affected",
"version": "217ece6129f2d3b4fdd18d9e79be9e43d8d14a42",
"versionType": "git"
},
{
"lessThan": "92c77807d938145c7c3350c944ef9f39d7f6017c",
"status": "affected",
"version": "217ece6129f2d3b4fdd18d9e79be9e43d8d14a42",
"versionType": "git"
},
{
"lessThan": "a937ef951bba72f48d2402451419d725d70dba20",
"status": "affected",
"version": "217ece6129f2d3b4fdd18d9e79be9e43d8d14a42",
"versionType": "git"
},
{
"lessThan": "95c8dd79f3a14df96b3820b35b8399bd91b2be60",
"status": "affected",
"version": "217ece6129f2d3b4fdd18d9e79be9e43d8d14a42",
"versionType": "git"
},
{
"lessThan": "49f683b41f28918df3e51ddc0d928cb2e934ccdb",
"status": "affected",
"version": "217ece6129f2d3b4fdd18d9e79be9e43d8d14a42",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"virt/kvm/kvm_main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.39"
},
{
"lessThan": "2.6.39",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.323",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.285",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.228",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.169",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.96",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.36",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.323",
"versionStartIncluding": "2.6.39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.285",
"versionStartIncluding": "2.6.39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.228",
"versionStartIncluding": "2.6.39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.169",
"versionStartIncluding": "2.6.39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.96",
"versionStartIncluding": "2.6.39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.36",
"versionStartIncluding": "2.6.39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.7",
"versionStartIncluding": "2.6.39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "2.6.39",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: Fix a data race on last_boosted_vcpu in kvm_vcpu_on_spin()\n\nUse {READ,WRITE}_ONCE() to access kvm-\u003elast_boosted_vcpu to ensure the\nloads and stores are atomic. In the extremely unlikely scenario the\ncompiler tears the stores, it\u0027s theoretically possible for KVM to attempt\nto get a vCPU using an out-of-bounds index, e.g. if the write is split\ninto multiple 8-bit stores, and is paired with a 32-bit load on a VM with\n257 vCPUs:\n\n CPU0 CPU1\n last_boosted_vcpu = 0xff;\n\n (last_boosted_vcpu = 0x100)\n last_boosted_vcpu[15:8] = 0x01;\n i = (last_boosted_vcpu = 0x1ff)\n last_boosted_vcpu[7:0] = 0x00;\n\n vcpu = kvm-\u003evcpu_array[0x1ff];\n\nAs detected by KCSAN:\n\n BUG: KCSAN: data-race in kvm_vcpu_on_spin [kvm] / kvm_vcpu_on_spin [kvm]\n\n write to 0xffffc90025a92344 of 4 bytes by task 4340 on cpu 16:\n kvm_vcpu_on_spin (arch/x86/kvm/../../../virt/kvm/kvm_main.c:4112) kvm\n handle_pause (arch/x86/kvm/vmx/vmx.c:5929) kvm_intel\n vmx_handle_exit (arch/x86/kvm/vmx/vmx.c:?\n\t\t arch/x86/kvm/vmx/vmx.c:6606) kvm_intel\n vcpu_run (arch/x86/kvm/x86.c:11107 arch/x86/kvm/x86.c:11211) kvm\n kvm_arch_vcpu_ioctl_run (arch/x86/kvm/x86.c:?) kvm\n kvm_vcpu_ioctl (arch/x86/kvm/../../../virt/kvm/kvm_main.c:?) kvm\n __se_sys_ioctl (fs/ioctl.c:52 fs/ioctl.c:904 fs/ioctl.c:890)\n __x64_sys_ioctl (fs/ioctl.c:890)\n x64_sys_call (arch/x86/entry/syscall_64.c:33)\n do_syscall_64 (arch/x86/entry/common.c:?)\n entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)\n\n read to 0xffffc90025a92344 of 4 bytes by task 4342 on cpu 4:\n kvm_vcpu_on_spin (arch/x86/kvm/../../../virt/kvm/kvm_main.c:4069) kvm\n handle_pause (arch/x86/kvm/vmx/vmx.c:5929) kvm_intel\n vmx_handle_exit (arch/x86/kvm/vmx/vmx.c:?\n\t\t\tarch/x86/kvm/vmx/vmx.c:6606) kvm_intel\n vcpu_run (arch/x86/kvm/x86.c:11107 arch/x86/kvm/x86.c:11211) kvm\n kvm_arch_vcpu_ioctl_run (arch/x86/kvm/x86.c:?) kvm\n kvm_vcpu_ioctl (arch/x86/kvm/../../../virt/kvm/kvm_main.c:?) kvm\n __se_sys_ioctl (fs/ioctl.c:52 fs/ioctl.c:904 fs/ioctl.c:890)\n __x64_sys_ioctl (fs/ioctl.c:890)\n x64_sys_call (arch/x86/entry/syscall_64.c:33)\n do_syscall_64 (arch/x86/entry/common.c:?)\n entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)\n\n value changed: 0x00000012 -\u003e 0x00000000"
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:23:01.403Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/11a772d5376aa6d3e2e69b5b5c585f79b60c0e17"
},
{
"url": "https://git.kernel.org/stable/c/4c141136a28421b78f34969b25a4fa32e06e2180"
},
{
"url": "https://git.kernel.org/stable/c/71fbc3af3dacb26c3aa2f30bb3ab05c44d082c84"
},
{
"url": "https://git.kernel.org/stable/c/82bd728a06e55f5b5f93d10ce67f4fe7e689853a"
},
{
"url": "https://git.kernel.org/stable/c/92c77807d938145c7c3350c944ef9f39d7f6017c"
},
{
"url": "https://git.kernel.org/stable/c/a937ef951bba72f48d2402451419d725d70dba20"
},
{
"url": "https://git.kernel.org/stable/c/95c8dd79f3a14df96b3820b35b8399bd91b2be60"
},
{
"url": "https://git.kernel.org/stable/c/49f683b41f28918df3e51ddc0d928cb2e934ccdb"
}
],
"title": "KVM: Fix a data race on last_boosted_vcpu in kvm_vcpu_on_spin()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-40953",
"datePublished": "2024-07-12T12:31:56.832Z",
"dateReserved": "2024-07-12T12:17:45.592Z",
"dateUpdated": "2026-05-11T20:23:01.403Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-40954 (GCVE-0-2024-40954)
Vulnerability from cvelistv5 – Published: 2024-07-12 12:31 – Updated: 2026-05-11 20:23
VLAI
EPSS
Title
net: do not leave a dangling sk pointer, when socket creation fails
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: do not leave a dangling sk pointer, when socket creation fails
It is possible to trigger a use-after-free by:
* attaching an fentry probe to __sock_release() and the probe calling the
bpf_get_socket_cookie() helper
* running traceroute -I 1.1.1.1 on a freshly booted VM
A KASAN enabled kernel will log something like below (decoded and stripped):
==================================================================
BUG: KASAN: slab-use-after-free in __sock_gen_cookie (./arch/x86/include/asm/atomic64_64.h:15 ./include/linux/atomic/atomic-arch-fallback.h:2583 ./include/linux/atomic/atomic-instrumented.h:1611 net/core/sock_diag.c:29)
Read of size 8 at addr ffff888007110dd8 by task traceroute/299
CPU: 2 PID: 299 Comm: traceroute Tainted: G E 6.10.0-rc2+ #2
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
Call Trace:
<TASK>
dump_stack_lvl (lib/dump_stack.c:117 (discriminator 1))
print_report (mm/kasan/report.c:378 mm/kasan/report.c:488)
? __sock_gen_cookie (./arch/x86/include/asm/atomic64_64.h:15 ./include/linux/atomic/atomic-arch-fallback.h:2583 ./include/linux/atomic/atomic-instrumented.h:1611 net/core/sock_diag.c:29)
kasan_report (mm/kasan/report.c:603)
? __sock_gen_cookie (./arch/x86/include/asm/atomic64_64.h:15 ./include/linux/atomic/atomic-arch-fallback.h:2583 ./include/linux/atomic/atomic-instrumented.h:1611 net/core/sock_diag.c:29)
kasan_check_range (mm/kasan/generic.c:183 mm/kasan/generic.c:189)
__sock_gen_cookie (./arch/x86/include/asm/atomic64_64.h:15 ./include/linux/atomic/atomic-arch-fallback.h:2583 ./include/linux/atomic/atomic-instrumented.h:1611 net/core/sock_diag.c:29)
bpf_get_socket_ptr_cookie (./arch/x86/include/asm/preempt.h:94 ./include/linux/sock_diag.h:42 net/core/filter.c:5094 net/core/filter.c:5092)
bpf_prog_875642cf11f1d139___sock_release+0x6e/0x8e
bpf_trampoline_6442506592+0x47/0xaf
__sock_release (net/socket.c:652)
__sock_create (net/socket.c:1601)
...
Allocated by task 299 on cpu 2 at 78.328492s:
kasan_save_stack (mm/kasan/common.c:48)
kasan_save_track (mm/kasan/common.c:68)
__kasan_slab_alloc (mm/kasan/common.c:312 mm/kasan/common.c:338)
kmem_cache_alloc_noprof (mm/slub.c:3941 mm/slub.c:4000 mm/slub.c:4007)
sk_prot_alloc (net/core/sock.c:2075)
sk_alloc (net/core/sock.c:2134)
inet_create (net/ipv4/af_inet.c:327 net/ipv4/af_inet.c:252)
__sock_create (net/socket.c:1572)
__sys_socket (net/socket.c:1660 net/socket.c:1644 net/socket.c:1706)
__x64_sys_socket (net/socket.c:1718)
do_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83)
entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)
Freed by task 299 on cpu 2 at 78.328502s:
kasan_save_stack (mm/kasan/common.c:48)
kasan_save_track (mm/kasan/common.c:68)
kasan_save_free_info (mm/kasan/generic.c:582)
poison_slab_object (mm/kasan/common.c:242)
__kasan_slab_free (mm/kasan/common.c:256)
kmem_cache_free (mm/slub.c:4437 mm/slub.c:4511)
__sk_destruct (net/core/sock.c:2117 net/core/sock.c:2208)
inet_create (net/ipv4/af_inet.c:397 net/ipv4/af_inet.c:252)
__sock_create (net/socket.c:1572)
__sys_socket (net/socket.c:1660 net/socket.c:1644 net/socket.c:1706)
__x64_sys_socket (net/socket.c:1718)
do_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83)
entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)
Fix this by clearing the struct socket reference in sk_common_release() to cover
all protocol families create functions, which may already attached the
reference to the sk object with sock_init_data().
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
6 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
c5dbb89fc2ac013afe67b9e4fcb3743c02b567cd , < 78e4aa528a7b1204219d808310524344f627d069
(git)
Affected: c5dbb89fc2ac013afe67b9e4fcb3743c02b567cd , < 893eeba94c40d513cd0fe6539330ebdaea208c0e (git) Affected: c5dbb89fc2ac013afe67b9e4fcb3743c02b567cd , < 454c454ed645fed051216b79622f7cb69c1638f5 (git) Affected: c5dbb89fc2ac013afe67b9e4fcb3743c02b567cd , < 5dfe2408fd7dc4d2e7ac38a116ff0a37b1cfd3b9 (git) Affected: c5dbb89fc2ac013afe67b9e4fcb3743c02b567cd , < 6cd4a78d962bebbaf8beb7d2ead3f34120e3f7b2 (git) |
|
| Linux | Linux |
Affected:
5.12
Unaffected: 0 , < 5.12 (semver) Unaffected: 5.15.162 , ≤ 5.15.* (semver) Unaffected: 6.1.96 , ≤ 6.1.* (semver) Unaffected: 6.6.36 , ≤ 6.6.* (semver) Unaffected: 6.9.7 , ≤ 6.9.* (semver) Unaffected: 6.10 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T21:58:18.562Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/78e4aa528a7b1204219d808310524344f627d069"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/893eeba94c40d513cd0fe6539330ebdaea208c0e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/454c454ed645fed051216b79622f7cb69c1638f5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5dfe2408fd7dc4d2e7ac38a116ff0a37b1cfd3b9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6cd4a78d962bebbaf8beb7d2ead3f34120e3f7b2"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-40954",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T17:03:48.944366Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:24.382Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/core/sock.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "78e4aa528a7b1204219d808310524344f627d069",
"status": "affected",
"version": "c5dbb89fc2ac013afe67b9e4fcb3743c02b567cd",
"versionType": "git"
},
{
"lessThan": "893eeba94c40d513cd0fe6539330ebdaea208c0e",
"status": "affected",
"version": "c5dbb89fc2ac013afe67b9e4fcb3743c02b567cd",
"versionType": "git"
},
{
"lessThan": "454c454ed645fed051216b79622f7cb69c1638f5",
"status": "affected",
"version": "c5dbb89fc2ac013afe67b9e4fcb3743c02b567cd",
"versionType": "git"
},
{
"lessThan": "5dfe2408fd7dc4d2e7ac38a116ff0a37b1cfd3b9",
"status": "affected",
"version": "c5dbb89fc2ac013afe67b9e4fcb3743c02b567cd",
"versionType": "git"
},
{
"lessThan": "6cd4a78d962bebbaf8beb7d2ead3f34120e3f7b2",
"status": "affected",
"version": "c5dbb89fc2ac013afe67b9e4fcb3743c02b567cd",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/core/sock.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.12"
},
{
"lessThan": "5.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.162",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.96",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.36",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.162",
"versionStartIncluding": "5.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.96",
"versionStartIncluding": "5.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.36",
"versionStartIncluding": "5.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.7",
"versionStartIncluding": "5.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "5.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: do not leave a dangling sk pointer, when socket creation fails\n\nIt is possible to trigger a use-after-free by:\n * attaching an fentry probe to __sock_release() and the probe calling the\n bpf_get_socket_cookie() helper\n * running traceroute -I 1.1.1.1 on a freshly booted VM\n\nA KASAN enabled kernel will log something like below (decoded and stripped):\n==================================================================\nBUG: KASAN: slab-use-after-free in __sock_gen_cookie (./arch/x86/include/asm/atomic64_64.h:15 ./include/linux/atomic/atomic-arch-fallback.h:2583 ./include/linux/atomic/atomic-instrumented.h:1611 net/core/sock_diag.c:29)\nRead of size 8 at addr ffff888007110dd8 by task traceroute/299\n\nCPU: 2 PID: 299 Comm: traceroute Tainted: G E 6.10.0-rc2+ #2\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014\nCall Trace:\n \u003cTASK\u003e\ndump_stack_lvl (lib/dump_stack.c:117 (discriminator 1))\nprint_report (mm/kasan/report.c:378 mm/kasan/report.c:488)\n? __sock_gen_cookie (./arch/x86/include/asm/atomic64_64.h:15 ./include/linux/atomic/atomic-arch-fallback.h:2583 ./include/linux/atomic/atomic-instrumented.h:1611 net/core/sock_diag.c:29)\nkasan_report (mm/kasan/report.c:603)\n? __sock_gen_cookie (./arch/x86/include/asm/atomic64_64.h:15 ./include/linux/atomic/atomic-arch-fallback.h:2583 ./include/linux/atomic/atomic-instrumented.h:1611 net/core/sock_diag.c:29)\nkasan_check_range (mm/kasan/generic.c:183 mm/kasan/generic.c:189)\n__sock_gen_cookie (./arch/x86/include/asm/atomic64_64.h:15 ./include/linux/atomic/atomic-arch-fallback.h:2583 ./include/linux/atomic/atomic-instrumented.h:1611 net/core/sock_diag.c:29)\nbpf_get_socket_ptr_cookie (./arch/x86/include/asm/preempt.h:94 ./include/linux/sock_diag.h:42 net/core/filter.c:5094 net/core/filter.c:5092)\nbpf_prog_875642cf11f1d139___sock_release+0x6e/0x8e\nbpf_trampoline_6442506592+0x47/0xaf\n__sock_release (net/socket.c:652)\n__sock_create (net/socket.c:1601)\n...\nAllocated by task 299 on cpu 2 at 78.328492s:\nkasan_save_stack (mm/kasan/common.c:48)\nkasan_save_track (mm/kasan/common.c:68)\n__kasan_slab_alloc (mm/kasan/common.c:312 mm/kasan/common.c:338)\nkmem_cache_alloc_noprof (mm/slub.c:3941 mm/slub.c:4000 mm/slub.c:4007)\nsk_prot_alloc (net/core/sock.c:2075)\nsk_alloc (net/core/sock.c:2134)\ninet_create (net/ipv4/af_inet.c:327 net/ipv4/af_inet.c:252)\n__sock_create (net/socket.c:1572)\n__sys_socket (net/socket.c:1660 net/socket.c:1644 net/socket.c:1706)\n__x64_sys_socket (net/socket.c:1718)\ndo_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83)\nentry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)\n\nFreed by task 299 on cpu 2 at 78.328502s:\nkasan_save_stack (mm/kasan/common.c:48)\nkasan_save_track (mm/kasan/common.c:68)\nkasan_save_free_info (mm/kasan/generic.c:582)\npoison_slab_object (mm/kasan/common.c:242)\n__kasan_slab_free (mm/kasan/common.c:256)\nkmem_cache_free (mm/slub.c:4437 mm/slub.c:4511)\n__sk_destruct (net/core/sock.c:2117 net/core/sock.c:2208)\ninet_create (net/ipv4/af_inet.c:397 net/ipv4/af_inet.c:252)\n__sock_create (net/socket.c:1572)\n__sys_socket (net/socket.c:1660 net/socket.c:1644 net/socket.c:1706)\n__x64_sys_socket (net/socket.c:1718)\ndo_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83)\nentry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)\n\nFix this by clearing the struct socket reference in sk_common_release() to cover\nall protocol families create functions, which may already attached the\nreference to the sk object with sock_init_data()."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:23:02.922Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/78e4aa528a7b1204219d808310524344f627d069"
},
{
"url": "https://git.kernel.org/stable/c/893eeba94c40d513cd0fe6539330ebdaea208c0e"
},
{
"url": "https://git.kernel.org/stable/c/454c454ed645fed051216b79622f7cb69c1638f5"
},
{
"url": "https://git.kernel.org/stable/c/5dfe2408fd7dc4d2e7ac38a116ff0a37b1cfd3b9"
},
{
"url": "https://git.kernel.org/stable/c/6cd4a78d962bebbaf8beb7d2ead3f34120e3f7b2"
}
],
"title": "net: do not leave a dangling sk pointer, when socket creation fails",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-40954",
"datePublished": "2024-07-12T12:31:57.517Z",
"dateReserved": "2024-07-12T12:17:45.592Z",
"dateUpdated": "2026-05-11T20:23:02.922Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-40956 (GCVE-0-2024-40956)
Vulnerability from cvelistv5 – Published: 2024-07-12 12:31 – Updated: 2026-05-11 20:23
VLAI
EPSS
Title
dmaengine: idxd: Fix possible Use-After-Free in irq_process_work_list
Summary
In the Linux kernel, the following vulnerability has been resolved:
dmaengine: idxd: Fix possible Use-After-Free in irq_process_work_list
Use list_for_each_entry_safe() to allow iterating through the list and
deleting the entry in the iteration process. The descriptor is freed via
idxd_desc_complete() and there's a slight chance may cause issue for
the list iterator when the descriptor is reused by another thread
without it being deleted from the list.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
6 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
16e19e11228ba660d9e322035635e7dcf160d5c2 , < 1b08bf5a17c66ab7dbb628df5344da53c8e7ab33
(git)
Affected: 16e19e11228ba660d9e322035635e7dcf160d5c2 , < 83163667d881100a485b6c2daa30301b7f68d9b5 (git) Affected: 16e19e11228ba660d9e322035635e7dcf160d5c2 , < faa35db78b058a2ab6e074ee283f69fa398c36a8 (git) Affected: 16e19e11228ba660d9e322035635e7dcf160d5c2 , < a14968921486793f2a956086895c3793761309dd (git) Affected: 16e19e11228ba660d9e322035635e7dcf160d5c2 , < e3215deca4520773cd2b155bed164c12365149a7 (git) |
|
| Linux | Linux |
Affected:
5.11
Unaffected: 0 , < 5.11 (semver) Unaffected: 5.15.162 , ≤ 5.15.* (semver) Unaffected: 6.1.96 , ≤ 6.1.* (semver) Unaffected: 6.6.36 , ≤ 6.6.* (semver) Unaffected: 6.9.7 , ≤ 6.9.* (semver) Unaffected: 6.10 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T21:58:20.070Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1b08bf5a17c66ab7dbb628df5344da53c8e7ab33"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/83163667d881100a485b6c2daa30301b7f68d9b5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/faa35db78b058a2ab6e074ee283f69fa398c36a8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a14968921486793f2a956086895c3793761309dd"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e3215deca4520773cd2b155bed164c12365149a7"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-40956",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T17:03:42.094021Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:24.154Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/dma/idxd/irq.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "1b08bf5a17c66ab7dbb628df5344da53c8e7ab33",
"status": "affected",
"version": "16e19e11228ba660d9e322035635e7dcf160d5c2",
"versionType": "git"
},
{
"lessThan": "83163667d881100a485b6c2daa30301b7f68d9b5",
"status": "affected",
"version": "16e19e11228ba660d9e322035635e7dcf160d5c2",
"versionType": "git"
},
{
"lessThan": "faa35db78b058a2ab6e074ee283f69fa398c36a8",
"status": "affected",
"version": "16e19e11228ba660d9e322035635e7dcf160d5c2",
"versionType": "git"
},
{
"lessThan": "a14968921486793f2a956086895c3793761309dd",
"status": "affected",
"version": "16e19e11228ba660d9e322035635e7dcf160d5c2",
"versionType": "git"
},
{
"lessThan": "e3215deca4520773cd2b155bed164c12365149a7",
"status": "affected",
"version": "16e19e11228ba660d9e322035635e7dcf160d5c2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/dma/idxd/irq.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.11"
},
{
"lessThan": "5.11",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.162",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.96",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.36",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.162",
"versionStartIncluding": "5.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.96",
"versionStartIncluding": "5.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.36",
"versionStartIncluding": "5.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.7",
"versionStartIncluding": "5.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "5.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: idxd: Fix possible Use-After-Free in irq_process_work_list\n\nUse list_for_each_entry_safe() to allow iterating through the list and\ndeleting the entry in the iteration process. The descriptor is freed via\nidxd_desc_complete() and there\u0027s a slight chance may cause issue for\nthe list iterator when the descriptor is reused by another thread\nwithout it being deleted from the list."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:23:05.363Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/1b08bf5a17c66ab7dbb628df5344da53c8e7ab33"
},
{
"url": "https://git.kernel.org/stable/c/83163667d881100a485b6c2daa30301b7f68d9b5"
},
{
"url": "https://git.kernel.org/stable/c/faa35db78b058a2ab6e074ee283f69fa398c36a8"
},
{
"url": "https://git.kernel.org/stable/c/a14968921486793f2a956086895c3793761309dd"
},
{
"url": "https://git.kernel.org/stable/c/e3215deca4520773cd2b155bed164c12365149a7"
}
],
"title": "dmaengine: idxd: Fix possible Use-After-Free in irq_process_work_list",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-40956",
"datePublished": "2024-07-12T12:31:59.027Z",
"dateReserved": "2024-07-12T12:17:45.593Z",
"dateUpdated": "2026-05-11T20:23:05.363Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…