CVE-2024-40940

HIGH

Linux kernel - Buffer Overflow

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix tainted pointer delete is case of flow rules creation fail In case of flow rule creation fail in mlx5_lag_create_port_sel_table(), instead of previously created rules, the tainted pointer is deleted deveral times. Fix this bug by using correct flow rules pointers. Found by Linux Verification Center (linuxtesting.org) with SVACE.

References (5)

[Mailing List] https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html

[Patch] https://git.kernel.org/stable/c/229bedbf62b13af5aba6525ad10b62ad38d9ccb5

[Patch] https://git.kernel.org/stable/c/531eab2da27dd42d68dfb841d82e987f4a6738b8

[Patch] https://git.kernel.org/stable/c/a03a3fa12769e25f4385bee587afe1445aee7f7a

[Patch] https://git.kernel.org/stable/c/d857df86837ac1c30592e8a068204d16feac9930

Scores

CVSS v3 7.8

EPSS 0.0001

EPSS Percentile 3.0%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-415

Status published

Products (5)

linux/Kernel 5.19.0 - 6.1.95linux

linux/Kernel 6.2.0 - 6.6.35linux

linux/Kernel 6.7.0 - 6.9.6linux

linux/linux_kernel 6.10 rc1 (2 CPE variants)

linux/linux_kernel 5.19 - 6.1.95

Published Jul 12, 2024

Tracked Since Feb 18, 2026