{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2024-40942","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-07-12T12:17:45.587Z","datePublished":"2024-07-12T12:25:17.149Z","dateUpdated":"2025-11-03T21:58:11.294Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2025-05-04T09:18:27.736Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: mesh: Fix leak of mesh_preq_queue objects\n\nThe hwmp code use objects of type mesh_preq_queue, added to a list in\nieee80211_if_mesh, to keep track of mpath we need to resolve. If the mpath\ngets deleted, ex mesh interface is removed, the entries in that list will\nnever get cleaned. Fix this by flushing all corresponding items of the\npreq_queue in mesh_path_flush_pending().\n\nThis should take care of KASAN reports like this:\n\nunreferenced object 0xffff00000668d800 (size 128):\n  comm \"kworker/u8:4\", pid 67, jiffies 4295419552 (age 1836.444s)\n  hex dump (first 32 bytes):\n    00 1f 05 09 00 00 ff ff 00 d5 68 06 00 00 ff ff  ..........h.....\n    8e 97 ea eb 3e b8 01 00 00 00 00 00 00 00 00 00  ....>...........\n  backtrace:\n    [<000000007302a0b6>] __kmem_cache_alloc_node+0x1e0/0x35c\n    [<00000000049bd418>] kmalloc_trace+0x34/0x80\n    [<0000000000d792bb>] mesh_queue_preq+0x44/0x2a8\n    [<00000000c99c3696>] mesh_nexthop_resolve+0x198/0x19c\n    [<00000000926bf598>] ieee80211_xmit+0x1d0/0x1f4\n    [<00000000fc8c2284>] __ieee80211_subif_start_xmit+0x30c/0x764\n    [<000000005926ee38>] ieee80211_subif_start_xmit+0x9c/0x7a4\n    [<000000004c86e916>] dev_hard_start_xmit+0x174/0x440\n    [<0000000023495647>] __dev_queue_xmit+0xe24/0x111c\n    [<00000000cfe9ca78>] batadv_send_skb_packet+0x180/0x1e4\n    [<000000007bacc5d5>] batadv_v_elp_periodic_work+0x2f4/0x508\n    [<00000000adc3cd94>] process_one_work+0x4b8/0xa1c\n    [<00000000b36425d1>] worker_thread+0x9c/0x634\n    [<0000000005852dd5>] kthread+0x1bc/0x1c4\n    [<000000005fccd770>] ret_from_fork+0x10/0x20\nunreferenced object 0xffff000009051f00 (size 128):\n  comm \"kworker/u8:4\", pid 67, jiffies 4295419553 (age 1836.440s)\n  hex dump (first 32 bytes):\n    90 d6 92 0d 00 00 ff ff 00 d8 68 06 00 00 ff ff  ..........h.....\n    36 27 92 e4 02 e0 01 00 00 58 79 06 00 00 ff ff  6'.......Xy.....\n  backtrace:\n    [<000000007302a0b6>] __kmem_cache_alloc_node+0x1e0/0x35c\n    [<00000000049bd418>] kmalloc_trace+0x34/0x80\n    [<0000000000d792bb>] mesh_queue_preq+0x44/0x2a8\n    [<00000000c99c3696>] mesh_nexthop_resolve+0x198/0x19c\n    [<00000000926bf598>] ieee80211_xmit+0x1d0/0x1f4\n    [<00000000fc8c2284>] __ieee80211_subif_start_xmit+0x30c/0x764\n    [<000000005926ee38>] ieee80211_subif_start_xmit+0x9c/0x7a4\n    [<000000004c86e916>] dev_hard_start_xmit+0x174/0x440\n    [<0000000023495647>] __dev_queue_xmit+0xe24/0x111c\n    [<00000000cfe9ca78>] batadv_send_skb_packet+0x180/0x1e4\n    [<000000007bacc5d5>] batadv_v_elp_periodic_work+0x2f4/0x508\n    [<00000000adc3cd94>] process_one_work+0x4b8/0xa1c\n    [<00000000b36425d1>] worker_thread+0x9c/0x634\n    [<0000000005852dd5>] kthread+0x1bc/0x1c4\n    [<000000005fccd770>] ret_from_fork+0x10/0x20"}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["net/mac80211/mesh_pathtbl.c"],"versions":[{"version":"050ac52cbe1f3de2fb0d06f02c7919ae1f691c9e","lessThan":"377dbb220edc8421b7960691876c5b3bef62f89b","status":"affected","versionType":"git"},{"version":"050ac52cbe1f3de2fb0d06f02c7919ae1f691c9e","lessThan":"ec79670eae430b3ffb7e0a6417ad7657728b8f95","status":"affected","versionType":"git"},{"version":"050ac52cbe1f3de2fb0d06f02c7919ae1f691c9e","lessThan":"7518e20a189f8659b8b83969db4d33a4068fcfc3","status":"affected","versionType":"git"},{"version":"050ac52cbe1f3de2fb0d06f02c7919ae1f691c9e","lessThan":"c4c865f971fd4a255208f57ef04d814c2ae9e0dc","status":"affected","versionType":"git"},{"version":"050ac52cbe1f3de2fb0d06f02c7919ae1f691c9e","lessThan":"617dadbfb2d3e152c5753e28356d189c9d6f33c0","status":"affected","versionType":"git"},{"version":"050ac52cbe1f3de2fb0d06f02c7919ae1f691c9e","lessThan":"63d5f89bb5664d60edbf8cf0df911aaae8ed96a4","status":"affected","versionType":"git"},{"version":"050ac52cbe1f3de2fb0d06f02c7919ae1f691c9e","lessThan":"d81e244af521de63ad2883e17571b789c39b6549","status":"affected","versionType":"git"},{"version":"050ac52cbe1f3de2fb0d06f02c7919ae1f691c9e","lessThan":"b7d7f11a291830fdf69d3301075dd0fb347ced84","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["net/mac80211/mesh_pathtbl.c"],"versions":[{"version":"2.6.26","status":"affected"},{"version":"0","lessThan":"2.6.26","status":"unaffected","versionType":"semver"},{"version":"4.19.317","lessThanOrEqual":"4.19.*","status":"unaffected","versionType":"semver"},{"version":"5.4.279","lessThanOrEqual":"5.4.*","status":"unaffected","versionType":"semver"},{"version":"5.10.221","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.162","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.95","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.35","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.9.6","lessThanOrEqual":"6.9.*","status":"unaffected","versionType":"semver"},{"version":"6.10","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.26","versionEndExcluding":"4.19.317"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.26","versionEndExcluding":"5.4.279"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.26","versionEndExcluding":"5.10.221"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.26","versionEndExcluding":"5.15.162"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.26","versionEndExcluding":"6.1.95"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.26","versionEndExcluding":"6.6.35"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.26","versionEndExcluding":"6.9.6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.26","versionEndExcluding":"6.10"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/377dbb220edc8421b7960691876c5b3bef62f89b"},{"url":"https://git.kernel.org/stable/c/ec79670eae430b3ffb7e0a6417ad7657728b8f95"},{"url":"https://git.kernel.org/stable/c/7518e20a189f8659b8b83969db4d33a4068fcfc3"},{"url":"https://git.kernel.org/stable/c/c4c865f971fd4a255208f57ef04d814c2ae9e0dc"},{"url":"https://git.kernel.org/stable/c/617dadbfb2d3e152c5753e28356d189c9d6f33c0"},{"url":"https://git.kernel.org/stable/c/63d5f89bb5664d60edbf8cf0df911aaae8ed96a4"},{"url":"https://git.kernel.org/stable/c/d81e244af521de63ad2883e17571b789c39b6549"},{"url":"https://git.kernel.org/stable/c/b7d7f11a291830fdf69d3301075dd0fb347ced84"}],"title":"wifi: mac80211: mesh: Fix leak of mesh_preq_queue objects","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"title":"CVE Program Container","references":[{"url":"https://git.kernel.org/stable/c/377dbb220edc8421b7960691876c5b3bef62f89b","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/ec79670eae430b3ffb7e0a6417ad7657728b8f95","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/7518e20a189f8659b8b83969db4d33a4068fcfc3","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/c4c865f971fd4a255208f57ef04d814c2ae9e0dc","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/617dadbfb2d3e152c5753e28356d189c9d6f33c0","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/63d5f89bb5664d60edbf8cf0df911aaae8ed96a4","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/d81e244af521de63ad2883e17571b789c39b6549","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/b7d7f11a291830fdf69d3301075dd0fb347ced84","tags":["x_transferred"]},{"url":"https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2025-11-03T21:58:11.294Z"}},{"metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2024-40942","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"version":"2.0.3","timestamp":"2024-09-10T17:04:23.938409Z"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-09-11T17:34:25.698Z"}}]}}