CVE-2024-40942

{"id": "CVE-2024-40942", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2024-07-12T13:15:16.520", "references": [{"url": "https://git.kernel.org/stable/c/377dbb220edc8421b7960691876c5b3bef62f89b", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/617dadbfb2d3e152c5753e28356d189c9d6f33c0", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/63d5f89bb5664d60edbf8cf0df911aaae8ed96a4", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/7518e20a189f8659b8b83969db4d33a4068fcfc3", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/b7d7f11a291830fdf69d3301075dd0fb347ced84", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/c4c865f971fd4a255208f57ef04d814c2ae9e0dc", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/d81e244af521de63ad2883e17571b789c39b6549", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/ec79670eae430b3ffb7e0a6417ad7657728b8f95", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/377dbb220edc8421b7960691876c5b3bef62f89b", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/617dadbfb2d3e152c5753e28356d189c9d6f33c0", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/63d5f89bb5664d60edbf8cf0df911aaae8ed96a4", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/7518e20a189f8659b8b83969db4d33a4068fcfc3", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/b7d7f11a291830fdf69d3301075dd0fb347ced84", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/c4c865f971fd4a255208f57ef04d814c2ae9e0dc", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/d81e244af521de63ad2883e17571b789c39b6549", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/ec79670eae430b3ffb7e0a6417ad7657728b8f95", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-401"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: mesh: Fix leak of mesh_preq_queue objects\n\nThe hwmp code use objects of type mesh_preq_queue, added to a list in\nieee80211_if_mesh, to keep track of mpath we need to resolve. If the mpath\ngets deleted, ex mesh interface is removed, the entries in that list will\nnever get cleaned. Fix this by flushing all corresponding items of the\npreq_queue in mesh_path_flush_pending().\n\nThis should take care of KASAN reports like this:\n\nunreferenced object 0xffff00000668d800 (size 128):\n comm \"kworker/u8:4\", pid 67, jiffies 4295419552 (age 1836.444s)\n hex dump (first 32 bytes):\n 00 1f 05 09 00 00 ff ff 00 d5 68 06 00 00 ff ff ..........h.....\n 8e 97 ea eb 3e b8 01 00 00 00 00 00 00 00 00 00 ....>...........\n backtrace:\n [<000000007302a0b6>] __kmem_cache_alloc_node+0x1e0/0x35c\n [<00000000049bd418>] kmalloc_trace+0x34/0x80\n [<0000000000d792bb>] mesh_queue_preq+0x44/0x2a8\n [<00000000c99c3696>] mesh_nexthop_resolve+0x198/0x19c\n [<00000000926bf598>] ieee80211_xmit+0x1d0/0x1f4\n [<00000000fc8c2284>] __ieee80211_subif_start_xmit+0x30c/0x764\n [<000000005926ee38>] ieee80211_subif_start_xmit+0x9c/0x7a4\n [<000000004c86e916>] dev_hard_start_xmit+0x174/0x440\n [<0000000023495647>] __dev_queue_xmit+0xe24/0x111c\n [<00000000cfe9ca78>] batadv_send_skb_packet+0x180/0x1e4\n [<000000007bacc5d5>] batadv_v_elp_periodic_work+0x2f4/0x508\n [<00000000adc3cd94>] process_one_work+0x4b8/0xa1c\n [<00000000b36425d1>] worker_thread+0x9c/0x634\n [<0000000005852dd5>] kthread+0x1bc/0x1c4\n [<000000005fccd770>] ret_from_fork+0x10/0x20\nunreferenced object 0xffff000009051f00 (size 128):\n comm \"kworker/u8:4\", pid 67, jiffies 4295419553 (age 1836.440s)\n hex dump (first 32 bytes):\n 90 d6 92 0d 00 00 ff ff 00 d8 68 06 00 00 ff ff ..........h.....\n 36 27 92 e4 02 e0 01 00 00 58 79 06 00 00 ff ff 6'.......Xy.....\n backtrace:\n [<000000007302a0b6>] __kmem_cache_alloc_node+0x1e0/0x35c\n [<00000000049bd418>] kmalloc_trace+0x34/0x80\n [<0000000000d792bb>] mesh_queue_preq+0x44/0x2a8\n [<00000000c99c3696>] mesh_nexthop_resolve+0x198/0x19c\n [<00000000926bf598>] ieee80211_xmit+0x1d0/0x1f4\n [<00000000fc8c2284>] __ieee80211_subif_start_xmit+0x30c/0x764\n [<000000005926ee38>] ieee80211_subif_start_xmit+0x9c/0x7a4\n [<000000004c86e916>] dev_hard_start_xmit+0x174/0x440\n [<0000000023495647>] __dev_queue_xmit+0xe24/0x111c\n [<00000000cfe9ca78>] batadv_send_skb_packet+0x180/0x1e4\n [<000000007bacc5d5>] batadv_v_elp_periodic_work+0x2f4/0x508\n [<00000000adc3cd94>] process_one_work+0x4b8/0xa1c\n [<00000000b36425d1>] worker_thread+0x9c/0x634\n [<0000000005852dd5>] kthread+0x1bc/0x1c4\n [<000000005fccd770>] ret_from_fork+0x10/0x20"}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: wifi: mac80211: mesh: corrige la fuga de objetos mesh_preq_queue El c\u00f3digo hwmp usa objetos de tipo mesh_preq_queue, agregados a una lista en ieee80211_if_mesh, para realizar un seguimiento del mpath que necesitamos resolver. Si se elimina mpath, se elimina la interfaz ex mesh, las entradas en esa lista nunca se limpiar\u00e1n. Solucione este problema eliminando todos los elementos correspondientes de preq_queue en mesh_path_flush_pending(). Esto deber\u00eda encargarse de informes KASAN como este: objeto sin referencia 0xffff00000668d800 (tama\u00f1o 128): comm \"kworker/u8:4\", pid 67, jiffies 4295419552 (edad 1836.444s) volcado hexadecimal (primeros 32 bytes): 00 1f 05 09 00 00 ff ff 00 d5 68 06 00 00 ff ff ..........h..... 8e 97 ea eb 3e b8 01 00 00 00 00 00 00 00 00 00 ....&gt;.. ......... retroceso: [&lt;000000007302a0b6&gt;] __kmem_cache_alloc_node+0x1e0/0x35c [&lt;00000000049bd418&gt;] kmalloc_trace+0x34/0x80 [&lt;0000000000d792bb&gt;] 8 [&lt;00000000c99c3696&gt;] mesh_nexthop_resolve+0x198/ 0x19c [&lt;00000000926bf598&gt;] ieee80211_xmit+0x1d0/0x1f4 [&lt;00000000fc8c2284&gt;] __ieee80211_subif_start_xmit+0x30c/0x764 [&lt;000000005926ee38&gt;] 11_subif_start_xmit+0x9c/0x7a4 [&lt;000000004c86e916&gt;] dev_hard_start_xmit+0x174/0x440 [&lt;0000000023495647&gt;] __dev_queue_xmit+0xe24/ 0x111c [&lt;00000000cfe9ca78&gt;] batadv_send_skb_packet+0x180/0x1e4 [&lt;000000007bacc5d5&gt;] batadv_v_elp_periodic_work+0x2f4/0x508 [&lt;00000000adc3cd94&gt;] xa1c [&lt;00000000b36425d1&gt;] hilo_trabajador+0x9c/0x634 [&lt;0000000005852dd5&gt;] kthread+0x1bc/ 0x1c4 [&lt;000000005fccd770&gt;] ret_from_fork+0x10/0x20 objeto sin referencia 0xffff000009051f00 (tama\u00f1o 128): comm \"kworker/u8:4\", pid 67, jiffies 4295419553 (edad 1836.440s) volcado hexadecimal (primero 32 bytes): 90 d6 92 0d 00 00 ff ff 00 d8 68 06 00 00 ff ff ..........h..... 36 27 92 e4 02 e0 01 00 00 58 79 06 00 00 ff ff 6'.... ...Xy..... retroceso: [&lt;000000007302a0b6&gt;] __kmem_cache_alloc_node+0x1e0/0x35c [&lt;00000000049bd418&gt;] kmalloc_trace+0x34/0x80 [&lt;0000000000d792bb&gt;] 0x2a8 [&lt;00000000c99c3696&gt;] mesh_nexthop_resolve+0x198/ 0x19c [&lt;00000000926bf598&gt;] ieee80211_xmit+0x1d0/0x1f4 [&lt;00000000fc8c2284&gt;] __ieee80211_subif_start_xmit+0x30c/0x764 [&lt;000000005926ee38&gt;] 11_subif_start_xmit+0x9c/0x7a4 [&lt;000000004c86e916&gt;] dev_hard_start_xmit+0x174/0x440 [&lt;0000000023495647&gt;] __dev_queue_xmit+0xe24/ 0x111c [&lt;00000000cfe9ca78&gt;] batadv_send_skb_packet+0x180/0x1e4 [&lt;000000007bacc5d5&gt;] batadv_v_elp_periodic_work+0x2f4/0x508 [&lt;00000000adc3cd94&gt;] xa1c [&lt;00000000b36425d1&gt;] hilo_trabajador+0x9c/0x634 [&lt;0000000005852dd5&gt;] kthread+0x1bc/ 0x1c4 [&lt;000000005fccd770&gt;] ret_from_fork+0x10/0x20"}], "lastModified": "2025-11-03T22:17:16.303", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C31EB329-7D9E-41C3-AFD2-2ADF9C2A5801", "versionEndExcluding": "4.19.317", "versionStartIncluding": "2.6.26"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F4E38E58-1B9F-4DF2-AD3D-A8BEAA2959D8", "versionEndExcluding": "5.4.279", "versionStartIncluding": "4.20"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "659E1520-6345-41AF-B893-A7C0647585A0", "versionEndExcluding": "5.10.221", "versionStartIncluding": "5.5"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "10A39ACC-3005-40E8-875C-98A372D1FFD5", "versionEndExcluding": "5.15.162", "versionStartIncluding": "5.11"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D435765D-2766-44F5-B319-F713A13E35CE", "versionEndExcluding": "6.1.95", "versionStartIncluding": "5.16"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6F019D15-84C0-416B-8C57-7F51B68992F0", "versionEndExcluding": "6.6.35", "versionStartIncluding": "6.2"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0ABBBA1D-F79D-4BDB-AA41-D1EDCC4A6975", "versionEndExcluding": "6.9.6", "versionStartIncluding": "6.7"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2EBB4392-5FA6-4DA9-9772-8F9C750109FA"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "331C2F14-12C7-45D5-893D-8C52EE38EA10"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}