Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

CVE-2024-40942

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
12/07/2024
Last modified:
03/11/2025

Description

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> wifi: mac80211: mesh: Fix leak of mesh_preq_queue objects<br /> <br /> The hwmp code use objects of type mesh_preq_queue, added to a list in<br /> ieee80211_if_mesh, to keep track of mpath we need to resolve. If the mpath<br /> gets deleted, ex mesh interface is removed, the entries in that list will<br /> never get cleaned. Fix this by flushing all corresponding items of the<br /> preq_queue in mesh_path_flush_pending().<br /> <br /> This should take care of KASAN reports like this:<br /> <br /> unreferenced object 0xffff00000668d800 (size 128):<br /> comm "kworker/u8:4", pid 67, jiffies 4295419552 (age 1836.444s)<br /> hex dump (first 32 bytes):<br /> 00 1f 05 09 00 00 ff ff 00 d5 68 06 00 00 ff ff ..........h.....<br /> 8e 97 ea eb 3e b8 01 00 00 00 00 00 00 00 00 00 ....&gt;...........<br /> backtrace:<br /> [] __kmem_cache_alloc_node+0x1e0/0x35c<br /> [] kmalloc_trace+0x34/0x80<br /> [] mesh_queue_preq+0x44/0x2a8<br /> [] mesh_nexthop_resolve+0x198/0x19c<br /> [] ieee80211_xmit+0x1d0/0x1f4<br /> [] __ieee80211_subif_start_xmit+0x30c/0x764<br /> [] ieee80211_subif_start_xmit+0x9c/0x7a4<br /> [] dev_hard_start_xmit+0x174/0x440<br /> [] __dev_queue_xmit+0xe24/0x111c<br /> [] batadv_send_skb_packet+0x180/0x1e4<br /> [] batadv_v_elp_periodic_work+0x2f4/0x508<br /> [] process_one_work+0x4b8/0xa1c<br /> [] worker_thread+0x9c/0x634<br /> [] kthread+0x1bc/0x1c4<br /> [] ret_from_fork+0x10/0x20<br /> unreferenced object 0xffff000009051f00 (size 128):<br /> comm "kworker/u8:4", pid 67, jiffies 4295419553 (age 1836.440s)<br /> hex dump (first 32 bytes):<br /> 90 d6 92 0d 00 00 ff ff 00 d8 68 06 00 00 ff ff ..........h.....<br /> 36 27 92 e4 02 e0 01 00 00 58 79 06 00 00 ff ff 6&amp;#39;.......Xy.....<br /> backtrace:<br /> [] __kmem_cache_alloc_node+0x1e0/0x35c<br /> [] kmalloc_trace+0x34/0x80<br /> [] mesh_queue_preq+0x44/0x2a8<br /> [] mesh_nexthop_resolve+0x198/0x19c<br /> [] ieee80211_xmit+0x1d0/0x1f4<br /> [] __ieee80211_subif_start_xmit+0x30c/0x764<br /> [] ieee80211_subif_start_xmit+0x9c/0x7a4<br /> [] dev_hard_start_xmit+0x174/0x440<br /> [] __dev_queue_xmit+0xe24/0x111c<br /> [] batadv_send_skb_packet+0x180/0x1e4<br /> [] batadv_v_elp_periodic_work+0x2f4/0x508<br /> [] process_one_work+0x4b8/0xa1c<br /> [] worker_thread+0x9c/0x634<br /> [] kthread+0x1bc/0x1c4<br /> [] ret_from_fork+0x10/0x20

Impact

Vector 3.x
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS v3.1 Severity and Metrics:

Base Score: 5.50 MEDIUM
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): None
Integrity (I): None
Availability (A): High

Base Score 3.x
5.50
Severity 3.x
MEDIUM

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 2.6.26 (including) 4.19.317 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 4.20 (including) 5.4.279 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.5 (including) 5.10.221 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.11 (including) 5.15.162 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.16 (including) 6.1.95 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.2 (including) 6.6.35 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.7 (including) 6.9.6 (excluding)
cpe:2.3:o:linux:linux_kernel:6.10:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.10:rc2:*:*:*:*:*:*

To consult the complete list of CPE names with products and versions, see this page


References to Advisories, Solutions, and Tools