CVE-2024-40939

  1. Yack CVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-40939

7.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

I

n the Linux kernel, the following vulnerability has been resolved: net: wwan: iosm: Fix tainted pointer delete is case of region creation fail In case of region creation fail in ipc_devlink_create_region(), previously created regions delete process starts from tainted pointer which actually holds error code value. Fix this bug by decreasing region index before delete. Found by Linux Verification Center (linuxtesting.org) with SVACE.

References
Link Resource
https://git.kernel.org/stable/c/040d9384870386eb5dc55472ac573ac7756b2050 Patch
https://git.kernel.org/stable/c/37a438704d19bdbe246d51d3749b6b3a8fe65afd Patch
https://git.kernel.org/stable/c/b0c9a26435413b81799047a7be53255640432547 Patch
https://git.kernel.org/stable/c/fe394d59cdae81389dbf995e87c83c1acd120597 Patch
https://git.kernel.org/stable/c/040d9384870386eb5dc55472ac573ac7756b2050 Patch
https://git.kernel.org/stable/c/37a438704d19bdbe246d51d3749b6b3a8fe65afd Patch
https://git.kernel.org/stable/c/b0c9a26435413b81799047a7be53255640432547 Patch
https://git.kernel.org/stable/c/fe394d59cdae81389dbf995e87c83c1acd120597 Patch
https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.10:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.10:rc2:*:*:*:*:*:*
History

03 Nov 2025, 22:17

Type Values Removed Values Added
References
  • () https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html -

17 Sep 2025, 15:26

Type Values Removed Values Added
References () https://git.kernel.org/stable/c/040d9384870386eb5dc55472ac573ac7756b2050 - () https://git.kernel.org/stable/c/040d9384870386eb5dc55472ac573ac7756b2050 - Patch
References () https://git.kernel.org/stable/c/37a438704d19bdbe246d51d3749b6b3a8fe65afd - () https://git.kernel.org/stable/c/37a438704d19bdbe246d51d3749b6b3a8fe65afd - Patch
References () https://git.kernel.org/stable/c/b0c9a26435413b81799047a7be53255640432547 - () https://git.kernel.org/stable/c/b0c9a26435413b81799047a7be53255640432547 - Patch
References () https://git.kernel.org/stable/c/fe394d59cdae81389dbf995e87c83c1acd120597 - () https://git.kernel.org/stable/c/fe394d59cdae81389dbf995e87c83c1acd120597 - Patch
CWE CWE-416
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 7.8
First Time Linux
Linux linux Kernel
CPE cpe:2.3:o:linux:linux_kernel:6.10:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.10:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

21 Nov 2024, 09:31

Type Values Removed Values Added
References () https://git.kernel.org/stable/c/040d9384870386eb5dc55472ac573ac7756b2050 - () https://git.kernel.org/stable/c/040d9384870386eb5dc55472ac573ac7756b2050 -
References () https://git.kernel.org/stable/c/37a438704d19bdbe246d51d3749b6b3a8fe65afd - () https://git.kernel.org/stable/c/37a438704d19bdbe246d51d3749b6b3a8fe65afd -
References () https://git.kernel.org/stable/c/b0c9a26435413b81799047a7be53255640432547 - () https://git.kernel.org/stable/c/b0c9a26435413b81799047a7be53255640432547 -
References () https://git.kernel.org/stable/c/fe394d59cdae81389dbf995e87c83c1acd120597 - () https://git.kernel.org/stable/c/fe394d59cdae81389dbf995e87c83c1acd120597 -
Summary
  • (es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: wwan: iosm: corregir la eliminación del puntero contaminado es un caso de error en la creación de la región. En caso de que falle la creación de la región en ipc_devlink_create_region(), el proceso de eliminación de regiones creadas previamente comienza desde el puntero contaminado que en realidad contiene el valor del código de error. Corrija este error disminuyendo el índice de región antes de eliminarlo. Encontrado por el Centro de verificación de Linux (linuxtesting.org) con SVACE.

12 Jul 2024, 13:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-07-12 13:15

Updated : 2025-11-03 22:17

NVD link : CVE-2024-40939

Mitre link : CVE-2024-40939

CVE.ORG link : CVE-2024-40939

JSON object : View

Products Affected

linux

CWE
CWE-416

Use After Free