CVE-2024-40940

HIGH

Linux kernel - Buffer Overflow

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix tainted pointer delete is case of flow rules creation fail In case of flow rule creation fail in mlx5_lag_create_port_sel_table(), instead of previously created rules, the tainted pointer is deleted deveral times. Fix this bug by using correct flow rules pointers. Found by Linux Verification Center (linuxtesting.org) with SVACE.

References (5)

[Mailing List] https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html

[Patch] https://git.kernel.org/stable/c/229bedbf62b13af5aba6525ad10b62ad38d9ccb5

[Patch] https://git.kernel.org/stable/c/531eab2da27dd42d68dfb841d82e987f4a6738b8

[Patch] https://git.kernel.org/stable/c/a03a3fa12769e25f4385bee587afe1445aee7f7a

[Patch] https://git.kernel.org/stable/c/d857df86837ac1c30592e8a068204d16feac9930

Scores

CVSS v3 7.8

EPSS 0.0001

EPSS Percentile 2.7%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-415

Status published

Affected Products (6)

linux/linux_kernel < 6.1.95

linux/linux_kernel

linux/linux_kernel

linux/Kernel < 6.1.95linux

linux/Kernel < 6.6.35linux

linux/Kernel < 6.9.6linux

Timeline

Published Jul 12, 2024

Tracked Since Feb 18, 2026