CVE-2024-40939

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2024-40939
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-40939.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-40939
Downstream
Related
Published
2024-07-12T12:25:15.148Z
Modified
2025-11-28T02:34:27.224201Z
Summary
net: wwan: iosm: Fix tainted pointer delete is case of region creation fail
Details

In the Linux kernel, the following vulnerability has been resolved:

net: wwan: iosm: Fix tainted pointer delete is case of region creation fail

In case of region creation fail in ipcdevlinkcreate_region(), previously created regions delete process starts from tainted pointer which actually holds error code value. Fix this bug by decreasing region index before delete.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Database specific 
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/40xxx/CVE-2024-40939.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
4dcd183fbd67b105decc8be262311937730ccdbf
Fixed
fe394d59cdae81389dbf995e87c83c1acd120597
Fixed
040d9384870386eb5dc55472ac573ac7756b2050
Fixed
37a438704d19bdbe246d51d3749b6b3a8fe65afd
Fixed
b0c9a26435413b81799047a7be53255640432547

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
6.1.95
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.35
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.9.6