CVE-2024-40941: wifi: iwlwifi: mvm: don't read past the mfuart notifcation
First published: Fri Jul 12 2024(Updated: )
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: don't read past the mfuart notifcation In case the firmware sends a notification that claims it has more data than it has, we will read past that was allocated for the notification. Remove the print of the buffer, we won't see it by default. If needed, we can see the content with tracing. This was reported by KFENCE.
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/kernel | <4.19.317 | 4.19.317 |
| redhat/kernel | <5.4.279 | 5.4.279 |
| redhat/kernel | <5.10.221 | 5.10.221 |
| redhat/kernel | <5.15.162 | 5.15.162 |
| redhat/kernel | <6.1.95 | 6.1.95 |
| redhat/kernel | <6.6.35 | 6.6.35 |
| redhat/kernel | <6.9.6 | 6.9.6 |
| redhat/kernel | <6.10 | 6.10 |
| IBM Security Verify Governance - Identity Manager | <=ISVG 10.0.2 | |
| IBM Security Verify Governance, Identity Manager Software Stack | <=ISVG 10.0.2 | |
| IBM Security Verify Governance, Identity Manager Virtual Appliance | <=ISVG 10.0.2 | |
| IBM Security Verify Governance Identity Manager Container | <=ISVG 10.0.2 | |
| debian/linux | 5.10.223-1 5.10.234-1 6.1.129-1 6.1.128-1 6.12.21-1 6.12.22-1 | |
| debian/linux-6.1 | 6.1.129-1~deb11u1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://git.kernel.org/stable/c/15b37c6fab9d5e40ac399fa1c725118588ed649c
- https://git.kernel.org/stable/c/46c59a25337049a2a230ce7f7c3b9f21d0aaaad7
- https://git.kernel.org/stable/c/4bb95f4535489ed830cf9b34b0a891e384d1aee4
- https://git.kernel.org/stable/c/6532f18e66b384b8d4b7e5c9caca042faaa9e8de
- https://git.kernel.org/stable/c/65686118845d427df27ee83a6ddd4885596b0805
- https://git.kernel.org/stable/c/a05018739a5e6b9dc112c95bd4c59904062c8940
- https://git.kernel.org/stable/c/a8bc8276af9aeacabb773f0c267cfcdb847c6f2d
- https://git.kernel.org/stable/c/acdfa33c3cf5e1cd185cc1e0486bd0ea9f09c154
- https://access.redhat.com/errata/RHSA-2024:5928
- https://access.redhat.com/errata/RHSA-2024:7001
- https://access.redhat.com/errata/RHSA-2024:7000
- https://bugzilla.redhat.com/show_bug.cgi?id=2297525
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40941
- https://nvd.nist.gov/vuln/detail/CVE-2024-40941
- https://launchpad.net/bugs/cve/CVE-2024-40941
- https://security-tracker.debian.org/tracker/CVE-2024-40941
- https://ubuntu.com/security/CVE-2024-40941
- https://git.kernel.org/linus/4bb95f4535489ed830cf9b34b0a891e384d1aee4
- https://www.ibm.com/support/pages/node/7230443 (Advisory)
Frequently Asked Questions
What is the severity of CVE-2024-40941?
CVE-2024-40941 has a high severity rating due to its potential for memory corruption leading to system instability.
How do I fix CVE-2024-40941?
To fix CVE-2024-40941, update to the latest kernel versions provided by your distribution, such as 4.19.317, 5.4.279, or 6.10.
What systems are affected by CVE-2024-40941?
CVE-2024-40941 affects various distributions of the Linux kernel, specifically those prior to the specified remedied versions.
Can CVE-2024-40941 be exploited remotely?
CVE-2024-40941 could potentially be exploited remotely if an attacker can send crafted notifications to a vulnerable system.
Is there a workaround for CVE-2024-40941?
There is no known workaround for CVE-2024-40941; applying the patch or upgrading the kernel is necessary to mitigate the risk.
- agent/title
- agent/type
- collector/nvd-api
- source/NVD
- agent/severity
- agent/remedy
- agent/author
- agent/first-publish-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2024-40941
- agent/software-canonical-lookup
- collector/nvd-cve
- collector/mitre-cve
- source/MITRE
- agent/trending
- collector/usn-cve
- source/Ubuntu
- collector/security-tracker-debian
- source/Debian
- agent/last-modified-date
- agent/references
- agent/source
- agent/softwarecombine
- agent/tags
- agent/description
- agent/event
- collector/ibm-support
- source/IBM
- package-manager/redhat
- package-manager/debian
- vendor/ibm
- canonical/ibm security verify governance - identity manager
- version/ibm security verify governance - identity manager/isvg 10.0.2
- canonical/ibm security verify governance, identity manager software stack
- version/ibm security verify governance, identity manager software stack/isvg 10.0.2
- canonical/ibm security verify governance, identity manager virtual appliance
- version/ibm security verify governance, identity manager virtual appliance/isvg 10.0.2
- canonical/ibm security verify governance identity manager container
- version/ibm security verify governance identity manager container/isvg 10.0.2