CVE-2024-40941: Out-of-bounds Read in Linux

CWE-125: Out-of-bounds Read | 48 documents | 7 sources
Severity
5.5 MEDIUM (NVD)
OSV 7.8 | OSV 5.3
EPSS
0.0%
top 98.96%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Jul 12
Latest update: Aug 14

Description

In the Linux kernel, the following vulnerability has been resolved:

wifi: iwlwifi: mvm: don't read past the mfuart notification

In case the firmware sends a notification that claims it has more data than it has, we will read past what was allocated for the notification. Remove the print of the buffer, we won't see it by default. If needed, we can see the content with tracing.

This was reported by KFENCE.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 1.8 | Impact: 3.6

Affected Packages (6 packages)

NVD | linux/linux_kernel | 4.12 | 4.19.317 | +7
Debian | linux/linux_kernel | < 5.10.221-1 | +3
Ubuntu | linux/linux_kernel | < 5.4.0-195.215 | +3
CVEListV5 | linux/linux | bdccdb854f2fb473f2ac4a6108df3cbfcedd5a87 | 15b37c6fab9d5e40ac399fa1c725118588ed649c | +8
debian | debian/linux | < linux 6.1.99-1 (bookworm)

Patches

🔴 Vulnerability Details (23)

OSV | linux-azure vulnerabilities | 2024-10-17
OSV | linux, linux-aws, linux-aws-hwe, linux-azure-4.15, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle vulnerabilities | 2024-10-15
OSV | linux-raspi-5.4 vulnerabilities | 2024-10-01
OSV | linux-raspi vulnerabilities | 2024-09-26
OSV | linux-azure-fde-5.15 vulnerabilities | 2024-09-25

📋 Vendor Advisories (24)

CISA ICS | Siemens Third-Party Components in SINEC OS | 2025-08-14
Ubuntu | Linux kernel (Azure) vulnerabilities | 2024-10-17
Ubuntu | Linux kernel vulnerabilities | 2024-10-15
Ubuntu | Linux kernel vulnerabilities | 2024-10-01
Ubuntu | Linux kernel vulnerabilities | 2024-09-26