CVE-2024-40942

CVE Details

Release Date:2024-07-12

Description


In the Linux kernel, the following vulnerability has been resolved:\nwifi: mac80211: mesh: Fix leak of mesh_preq_queue objects\nThe hwmp code use objects of type mesh_preq_queue, added to a list in\nieee80211_if_mesh, to keep track of mpath we need to resolve. If the mpath\ngets deleted, ex mesh interface is removed, the entries in that list will\nnever get cleaned. Fix this by flushing all corresponding items of the\npreq_queue in mesh_path_flush_pending().\nThis should take care of KASAN reports like this:\nunreferenced object 0xffff00000668d800 (size 128):\ncomm 'kworker/u8:4', pid 67, jiffies 4295419552 (age 1836.444s)\nhex dump (first 32 bytes):\n00 1f 05 09 00 00 ff ff 00 d5 68 06 00 00 ff ff ..........h.....\n8e 97 ea eb 3e b8 01 00 00 00 00 00 00 00 00 00 ....>...........\nbacktrace:\n[<000000007302a0b6>] __kmem_cache_alloc_node+0x1e0/0x35c\n[<00000000049bd418>] kmalloc_trace+0x34/0x80\n[<0000000000d792bb>] mesh_queue_preq+0x44/0x2a8\n[<00000000c99c3696>] mesh_nexthop_resolve+0x198/0x19c\n[<00000000926bf598>] ieee80211_xmit+0x1d0/0x1f4\n[<00000000fc8c2284>] __ieee80211_subif_start_xmit+0x30c/0x764\n[<000000005926ee38>] ieee80211_subif_start_xmit+0x9c/0x7a4\n[<000000004c86e916>] dev_hard_start_xmit+0x174/0x440\n[<0000000023495647>] __dev_queue_xmit+0xe24/0x111c\n[<00000000cfe9ca78>] batadv_send_skb_packet+0x180/0x1e4\n[<000000007bacc5d5>] batadv_v_elp_periodic_work+0x2f4/0x508\n[<00000000adc3cd94>] process_one_work+0x4b8/0xa1c\n[<00000000b36425d1>] worker_thread+0x9c/0x634\n[<0000000005852dd5>] kthread+0x1bc/0x1c4\n[<000000005fccd770>] ret_from_fork+0x10/0x20\nunreferenced object 0xffff000009051f00 (size 128):\ncomm 'kworker/u8:4', pid 67, jiffies 4295419553 (age 1836.440s)\nhex dump (first 32 bytes):\n90 d6 92 0d 00 00 ff ff 00 d8 68 06 00 00 ff ff ..........h.....\n36 27 92 e4 02 e0 01 00 00 58 79 06 00 00 ff ff 6'.......Xy.....\nbacktrace:\n[<000000007302a0b6>] __kmem_cache_alloc_node+0x1e0/0x35c\n[<00000000049bd418>] kmalloc_trace+0x34/0x80\n[<0000000000d792bb>] mesh_queue_preq+0x44/0x2a8\n[<00000000c99c3696>] mesh_nexthop_resolve+0x198/0x19c\n[<00000000926bf598>] ieee80211_xmit+0x1d0/0x1f4\n[<00000000fc8c2284>] __ieee80211_subif_start_xmit+0x30c/0x764\n[<000000005926ee38>] ieee80211_subif_start_xmit+0x9c/0x7a4\n[<000000004c86e916>] dev_hard_start_xmit+0x174/0x440\n[<0000000023495647>] __dev_queue_xmit+0xe24/0x111c\n[<00000000cfe9ca78>] batadv_send_skb_packet+0x180/0x1e4\n[<000000007bacc5d5>] batadv_v_elp_periodic_work+0x2f4/0x508\n[<00000000adc3cd94>] process_one_work+0x4b8/0xa1c\n[<00000000b36425d1>] worker_thread+0x9c/0x634\n[<0000000005852dd5>] kthread+0x1bc/0x1c4\n[<000000005fccd770>] ret_from_fork+0x10/0x20

See more information about CVE-2024-40942 from MITRE CVE dictionary and NIST NVD


CVSS Scoring


NOTE: The following CVSS v3.1 metrics and score provided are preliminary and subject to review.

Base Score: 6.1 CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
Attack Vector: Local network Attack Complexity: Low
Privileges Required: Low User Interaction: None
Scope: Unchanged Confidentiality Impact: High
Integrity Impact: None Availability Impact: Low

Errata information


PlatformErrataRelease Date
Oracle Linux version 7 (kernel-uek)ELSA-2024-126102024-09-10
Oracle Linux version 7 (kernel-uek)ELSA-2024-127792024-10-11
Oracle Linux version 7 (kernel-uek-container)ELSA-2024-126122024-09-11
Oracle Linux version 8 (kernel-uek)ELSA-2024-126102024-09-10
Oracle Linux version 8 (kernel-uek)ELSA-2024-126182024-09-12
Oracle Linux version 8 (kernel-uek-container)ELSA-2024-126122024-09-11
Oracle Linux version 9 (kernel-uek)ELSA-2024-126182024-09-12


This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections:

software.hardware.complete