CVE-2024-40942

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-40942
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-40942.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-40942
Related
Published
2024-07-12T13:15:16Z
Modified
2024-09-11T05:04:22.563559Z
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

wifi: mac80211: mesh: Fix leak of meshpreqqueue objects

The hwmp code use objects of type meshpreqqueue, added to a list in ieee80211ifmesh, to keep track of mpath we need to resolve. If the mpath gets deleted, ex mesh interface is removed, the entries in that list will never get cleaned. Fix this by flushing all corresponding items of the preqqueue in meshpathflushpending().

This should take care of KASAN reports like this:

unreferenced object 0xffff00000668d800 (size 128): comm "kworker/u8:4", pid 67, jiffies 4295419552 (age 1836.444s) hex dump (first 32 bytes): 00 1f 05 09 00 00 ff ff 00 d5 68 06 00 00 ff ff ..........h..... 8e 97 ea eb 3e b8 01 00 00 00 00 00 00 00 00 00 ....>........... backtrace: [<000000007302a0b6>] _kmemcacheallocnode+0x1e0/0x35c [<00000000049bd418>] kmalloctrace+0x34/0x80 [<0000000000d792bb>] meshqueuepreq+0x44/0x2a8 [<00000000c99c3696>] meshnexthopresolve+0x198/0x19c [<00000000926bf598>] ieee80211xmit+0x1d0/0x1f4 [<00000000fc8c2284>] _ieee80211subifstartxmit+0x30c/0x764 [<000000005926ee38>] ieee80211subifstartxmit+0x9c/0x7a4 [<000000004c86e916>] devhardstartxmit+0x174/0x440 [<0000000023495647>] _devqueuexmit+0xe24/0x111c [<00000000cfe9ca78>] batadvsendskbpacket+0x180/0x1e4 [<000000007bacc5d5>] batadvvelpperiodicwork+0x2f4/0x508 [<00000000adc3cd94>] processonework+0x4b8/0xa1c [<00000000b36425d1>] workerthread+0x9c/0x634 [<0000000005852dd5>] kthread+0x1bc/0x1c4 [<000000005fccd770>] retfromfork+0x10/0x20 unreferenced object 0xffff000009051f00 (size 128): comm "kworker/u8:4", pid 67, jiffies 4295419553 (age 1836.440s) hex dump (first 32 bytes): 90 d6 92 0d 00 00 ff ff 00 d8 68 06 00 00 ff ff ..........h..... 36 27 92 e4 02 e0 01 00 00 58 79 06 00 00 ff ff 6'.......Xy..... backtrace: [<000000007302a0b6>] _kmemcacheallocnode+0x1e0/0x35c [<00000000049bd418>] kmalloctrace+0x34/0x80 [<0000000000d792bb>] meshqueuepreq+0x44/0x2a8 [<00000000c99c3696>] meshnexthopresolve+0x198/0x19c [<00000000926bf598>] ieee80211xmit+0x1d0/0x1f4 [<00000000fc8c2284>] _ieee80211subifstartxmit+0x30c/0x764 [<000000005926ee38>] ieee80211subifstartxmit+0x9c/0x7a4 [<000000004c86e916>] devhardstartxmit+0x174/0x440 [<0000000023495647>] _devqueuexmit+0xe24/0x111c [<00000000cfe9ca78>] batadvsendskbpacket+0x180/0x1e4 [<000000007bacc5d5>] batadvvelpperiodicwork+0x2f4/0x508 [<00000000adc3cd94>] processonework+0x4b8/0xa1c [<00000000b36425d1>] workerthread+0x9c/0x634 [<0000000005852dd5>] kthread+0x1bc/0x1c4 [<000000005fccd770>] retfromfork+0x10/0x20

References

Affected packages

Debian:11 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.10.221-1

Affected versions

5.*

5.10.46-4
5.10.46-5
5.10.70-1~bpo10+1
5.10.70-1
5.10.84-1
5.10.92-1~bpo10+1
5.10.92-1
5.10.92-2
5.10.103-1~bpo10+1
5.10.103-1
5.10.106-1
5.10.113-1
5.10.120-1~bpo10+1
5.10.120-1
5.10.127-1
5.10.127-2~bpo10+1
5.10.127-2
5.10.136-1
5.10.140-1
5.10.148-1
5.10.149-1
5.10.149-2
5.10.158-1
5.10.158-2
5.10.162-1
5.10.178-1
5.10.178-2
5.10.178-3
5.10.179-1
5.10.179-2
5.10.179-3
5.10.179-4
5.10.179-5
5.10.191-1
5.10.197-1
5.10.205-1
5.10.205-2
5.10.209-1
5.10.209-2
5.10.216-1
5.10.218-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.1.99-1

Affected versions

6.*

6.1.27-1
6.1.37-1
6.1.38-1
6.1.38-2~bpo11+1
6.1.38-2
6.1.38-3
6.1.38-4~bpo11+1
6.1.38-4
6.1.52-1
6.1.55-1~bpo11+1
6.1.55-1
6.1.64-1
6.1.66-1
6.1.67-1
6.1.69-1~bpo11+1
6.1.69-1
6.1.76-1~bpo11+1
6.1.76-1
6.1.82-1
6.1.85-1
6.1.90-1~bpo11+1
6.1.90-1
6.1.94-1~bpo11+1
6.1.94-1
6.1.98-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.9.7-1

Affected versions

6.*

6.1.27-1
6.1.37-1
6.1.38-1
6.1.38-2~bpo11+1
6.1.38-2
6.1.38-3
6.1.38-4~bpo11+1
6.1.38-4
6.1.52-1
6.1.55-1~bpo11+1
6.1.55-1
6.1.64-1
6.1.66-1
6.1.67-1
6.1.69-1~bpo11+1
6.1.69-1
6.1.76-1~bpo11+1
6.1.76-1
6.1.82-1
6.1.85-1
6.1.90-1~bpo11+1
6.1.90-1
6.1.94-1~bpo11+1
6.1.94-1
6.1.98-1
6.1.99-1
6.1.106-1
6.1.106-2
6.1.106-3
6.3.1-1~exp1
6.3.2-1~exp1
6.3.4-1~exp1
6.3.5-1~exp1
6.3.7-1~bpo12+1
6.3.7-1
6.3.11-1
6.4~rc6-1~exp1
6.4~rc7-1~exp1
6.4.1-1~exp1
6.4.4-1~bpo12+1
6.4.4-1
6.4.4-2
6.4.4-3~bpo12+1
6.4.4-3
6.4.11-1
6.4.13-1
6.5~rc4-1~exp1
6.5~rc6-1~exp1
6.5~rc7-1~exp1
6.5.1-1~exp1
6.5.3-1~bpo12+1
6.5.3-1
6.5.6-1
6.5.8-1
6.5.10-1~bpo12+1
6.5.10-1
6.5.13-1
6.6.3-1~exp1
6.6.4-1~exp1
6.6.7-1~exp1
6.6.8-1
6.6.9-1
6.6.11-1
6.6.13-1~bpo12+1
6.6.13-1
6.6.15-1
6.6.15-2
6.7-1~exp1
6.7.1-1~exp1
6.7.4-1~exp1
6.7.7-1
6.7.9-1
6.7.9-2
6.7.12-1~bpo12+1
6.7.12-1
6.8.9-1
6.8.11-1
6.8.12-1~bpo12+1
6.8.12-1
6.9.2-1~exp1
6.9.7-1~bpo12+1

Ecosystem specific

{
    "urgency": "not yet assigned"
}