{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-40939", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-07-12T12:17:45.586Z", "datePublished": "2024-07-12T12:25:15.148Z", "dateUpdated": "2025-05-04T09:18:23.169Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T09:18:23.169Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: wwan: iosm: Fix tainted pointer delete is case of region creation fail\n\nIn case of region creation fail in ipc_devlink_create_region(), previously\ncreated regions delete process starts from tainted pointer which actually\nholds error code value.\nFix this bug by decreasing region index before delete.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/wwan/iosm/iosm_ipc_devlink.c"], "versions": [{"version": "4dcd183fbd67b105decc8be262311937730ccdbf", "lessThan": "fe394d59cdae81389dbf995e87c83c1acd120597", "status": "affected", "versionType": "git"}, {"version": "4dcd183fbd67b105decc8be262311937730ccdbf", "lessThan": "040d9384870386eb5dc55472ac573ac7756b2050", "status": "affected", "versionType": "git"}, {"version": "4dcd183fbd67b105decc8be262311937730ccdbf", "lessThan": "37a438704d19bdbe246d51d3749b6b3a8fe65afd", "status": "affected", "versionType": "git"}, {"version": "4dcd183fbd67b105decc8be262311937730ccdbf", "lessThan": "b0c9a26435413b81799047a7be53255640432547", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/wwan/iosm/iosm_ipc_devlink.c"], "versions": [{"version": "5.16", "status": "affected"}, {"version": "0", "lessThan": "5.16", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.95", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.35", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.9.6", "lessThanOrEqual": "6.9.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.10", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.16", "versionEndExcluding": "6.1.95"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.16", "versionEndExcluding": "6.6.35"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.16", "versionEndExcluding": "6.9.6"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.16", "versionEndExcluding": "6.10"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/fe394d59cdae81389dbf995e87c83c1acd120597"}, {"url": "https://git.kernel.org/stable/c/040d9384870386eb5dc55472ac573ac7756b2050"}, {"url": "https://git.kernel.org/stable/c/37a438704d19bdbe246d51d3749b6b3a8fe65afd"}, {"url": "https://git.kernel.org/stable/c/b0c9a26435413b81799047a7be53255640432547"}], "title": "net: wwan: iosm: Fix tainted pointer delete is case of region creation fail", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:39:55.776Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/fe394d59cdae81389dbf995e87c83c1acd120597", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/040d9384870386eb5dc55472ac573ac7756b2050", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/37a438704d19bdbe246d51d3749b6b3a8fe65afd", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/b0c9a26435413b81799047a7be53255640432547", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-40939", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T17:04:33.559080Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T17:34:26.102Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/fe394d59cdae81389dbf995e87c83c1acd120597", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/040d9384870386eb5dc55472ac573ac7756b2050", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/37a438704d19bdbe246d51d3749b6b3a8fe65afd", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/b0c9a26435413b81799047a7be53255640432547", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:39:55.776Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-40939", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T17:04:33.559080Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T12:42:22.706Z"}}], "cna": {"title": "net: wwan: iosm: Fix tainted pointer delete is case of region creation fail", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "4dcd183fbd67b105decc8be262311937730ccdbf", "lessThan": "fe394d59cdae81389dbf995e87c83c1acd120597", "versionType": "git"}, {"status": "affected", "version": "4dcd183fbd67b105decc8be262311937730ccdbf", "lessThan": "040d9384870386eb5dc55472ac573ac7756b2050", "versionType": "git"}, {"status": "affected", "version": "4dcd183fbd67b105decc8be262311937730ccdbf", "lessThan": "37a438704d19bdbe246d51d3749b6b3a8fe65afd", "versionType": "git"}, {"status": "affected", "version": "4dcd183fbd67b105decc8be262311937730ccdbf", "lessThan": "b0c9a26435413b81799047a7be53255640432547", "versionType": "git"}], "programFiles": ["drivers/net/wwan/iosm/iosm_ipc_devlink.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "5.16"}, {"status": "unaffected", "version": "0", "lessThan": "5.16", "versionType": "semver"}, {"status": "unaffected", "version": "6.1.95", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.35", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.9.6", "versionType": "semver", "lessThanOrEqual": "6.9.*"}, {"status": "unaffected", "version": "6.10", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/net/wwan/iosm/iosm_ipc_devlink.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/fe394d59cdae81389dbf995e87c83c1acd120597"}, {"url": "https://git.kernel.org/stable/c/040d9384870386eb5dc55472ac573ac7756b2050"}, {"url": "https://git.kernel.org/stable/c/37a438704d19bdbe246d51d3749b6b3a8fe65afd"}, {"url": "https://git.kernel.org/stable/c/b0c9a26435413b81799047a7be53255640432547"}], "x_generator": {"engine": "bippy-1.2.0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: wwan: iosm: Fix tainted pointer delete is case of region creation fail\n\nIn case of region creation fail in ipc_devlink_create_region(), previously\ncreated regions delete process starts from tainted pointer which actually\nholds error code value.\nFix this bug by decreasing region index before delete.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE."}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.1.95", "versionStartIncluding": "5.16"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.6.35", "versionStartIncluding": "5.16"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.9.6", "versionStartIncluding": "5.16"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.10", "versionStartIncluding": "5.16"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T09:18:23.169Z"}}}, "cveMetadata": {"cveId": "CVE-2024-40939", "state": "PUBLISHED", "dateUpdated": "2025-05-04T09:18:23.169Z", "dateReserved": "2024-07-12T12:17:45.586Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-07-12T12:25:15.148Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "D435765D-2766-44F5-B319-F713A13E35CE", "versionEndExcluding": "6.1.95", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "6F019D15-84C0-416B-8C57-7F51B68992F0", "versionEndExcluding": "6.6.35", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "0ABBBA1D-F79D-4BDB-AA41-D1EDCC4A6975", "versionEndExcluding": "6.9.6", "versionStartIncluding": "6.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc1:*:*:*:*:*:*", "matchCriteriaId": "2EBB4392-5FA6-4DA9-9772-8F9C750109FA", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc2:*:*:*:*:*:*", "matchCriteriaId": "331C2F14-12C7-45D5-893D-8C52EE38EA10", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: wwan: iosm: Fix tainted pointer delete is case of region creation fail\n\nIn case of region creation fail in ipc_devlink_create_region(), previously\ncreated regions delete process starts from tainted pointer which actually\nholds error code value.\nFix this bug by decreasing region index before delete.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: wwan: iosm: corregir la eliminaci\u00f3n del puntero contaminado es un caso de error en la creaci\u00f3n de la regi\u00f3n. En caso de que falle la creaci\u00f3n de la regi\u00f3n en ipc_devlink_create_region(), el proceso de eliminaci\u00f3n de regiones creadas previamente comienza desde el puntero contaminado que en realidad contiene el valor del c\u00f3digo de error. Corrija este error disminuyendo el \u00edndice de regi\u00f3n antes de eliminarlo. Encontrado por el Centro de verificaci\u00f3n de Linux (linuxtesting.org) con SVACE."}], "id": "CVE-2024-40939", "lastModified": "2025-09-17T15:26:02.813", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-07-12T13:15:16.320", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/040d9384870386eb5dc55472ac573ac7756b2050"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/37a438704d19bdbe246d51d3749b6b3a8fe65afd"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/b0c9a26435413b81799047a7be53255640432547"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/fe394d59cdae81389dbf995e87c83c1acd120597"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/040d9384870386eb5dc55472ac573ac7756b2050"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/37a438704d19bdbe246d51d3749b6b3a8fe65afd"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/b0c9a26435413b81799047a7be53255640432547"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/fe394d59cdae81389dbf995e87c83c1acd120597"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2024:5928", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-427.33.1.el9_4", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-08-28T00:00:00Z"}, {"advisory": "RHSA-2024:5928", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-427.33.1.el9_4", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-08-28T00:00:00Z"}], "bugzilla": {"description": "kernel: net: wwan: iosm: Fix tainted pointer delete is case of region creation fail", "id": "2297523", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2297523"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.4", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-99", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nnet: wwan: iosm: Fix tainted pointer delete is case of region creation fail\nIn case of region creation fail in ipc_devlink_create_region(), previously\ncreated regions delete process starts from tainted pointer which actually\nholds error code value.\nFix this bug by decreasing region index before delete.\nFound by Linux Verification Center (linuxtesting.org) with SVACE."], "name": "CVE-2024-40939", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-07-12T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-40939\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-40939\nhttps://lore.kernel.org/linux-cve-announce/2024071218-CVE-2024-40939-a56c@gregkh/T"], "threat_severity": "Low"}