CVE-2024-40942Missing Release of Memory after Effective Lifetime in Linux

CWE-401Missing Release of Memory after Effective LifetimeCWE-402Resource Leak44 documents7 sources
Severity
5.5MEDIUMNVD
OSV7.8OSV5.3
EPSS
0.0%
top 97.15%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
LinuxLinux KernelDebian Linux+1 more
Timeline
PublishedJul 12
Latest updateAug 14

Description

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: mesh: Fix leak of mesh_preq_queue objects The hwmp code use objects of type mesh_preq_queue, added to a list in ieee80211_if_mesh, to keep track of mpath we need to resolve. If the mpath gets deleted, ex mesh interface is removed, the entries in that list will never get cleaned. Fix this by flushing all corresponding items of the preq_queue in mesh_path_flush_pending(). This should take care of KASAN reports l

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages6 packages

NVDlinux/linux_kernel2.6.264.19.317+7
Debianlinux/linux_kernel< 5.10.221-1+3
Ubuntulinux/linux_kernel< 5.4.0-195.215+2
CVEListV5linux/linux050ac52cbe1f3de2fb0d06f02c7919ae1f691c9e377dbb220edc8421b7960691876c5b3bef62f89b+8
debiandebian/linux< linux 6.1.99-1 (bookworm)

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

21
OSV
linux-raspi-5.4 vulnerabilities2024-10-01
OSV
linux-raspi vulnerabilities2024-09-26
OSV
linux-azure-fde-5.15 vulnerabilities2024-09-25
OSV
linux-lowlatency, linux-lowlatency-hwe-5.15 vulnerabilities2024-09-23
OSV
linux-hwe-6.82024-09-23

📋Vendor Advisories

22
CISA ICS
Siemens Third-Party Components in SINEC OS2025-08-14
Ubuntu
Linux kernel vulnerabilities2024-10-01
Ubuntu
Linux kernel vulnerabilities2024-09-26
Ubuntu
Linux kernel vulnerabilities2024-09-25
Ubuntu
Linux kernel vulnerabilities2024-09-23