{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2024-40981","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-07-12T12:17:45.604Z","datePublished":"2024-07-12T12:32:16.277Z","dateUpdated":"2026-05-11T20:23:35.464Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T20:23:35.464Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nbatman-adv: bypass empty buckets in batadv_purge_orig_ref()\n\nMany syzbot reports are pointing to soft lockups in\nbatadv_purge_orig_ref() [1]\n\nRoot cause is unknown, but we can avoid spending too much\ntime there and perhaps get more interesting reports.\n\n[1]\n\nwatchdog: BUG: soft lockup - CPU#0 stuck for 27s! [kworker/u4:6:621]\nModules linked in:\nirq event stamp: 6182794\n hardirqs last  enabled at (6182793): [<ffff8000801dae10>] __local_bh_enable_ip+0x224/0x44c kernel/softirq.c:386\n hardirqs last disabled at (6182794): [<ffff80008ad66a78>] __el1_irq arch/arm64/kernel/entry-common.c:533 [inline]\n hardirqs last disabled at (6182794): [<ffff80008ad66a78>] el1_interrupt+0x24/0x68 arch/arm64/kernel/entry-common.c:551\n softirqs last  enabled at (6182792): [<ffff80008aab71c4>] spin_unlock_bh include/linux/spinlock.h:396 [inline]\n softirqs last  enabled at (6182792): [<ffff80008aab71c4>] batadv_purge_orig_ref+0x114c/0x1228 net/batman-adv/originator.c:1287\n softirqs last disabled at (6182790): [<ffff80008aab61dc>] spin_lock_bh include/linux/spinlock.h:356 [inline]\n softirqs last disabled at (6182790): [<ffff80008aab61dc>] batadv_purge_orig_ref+0x164/0x1228 net/batman-adv/originator.c:1271\nCPU: 0 PID: 621 Comm: kworker/u4:6 Not tainted 6.8.0-rc7-syzkaller-g707081b61156 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024\nWorkqueue: bat_events batadv_purge_orig\npstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : should_resched arch/arm64/include/asm/preempt.h:79 [inline]\n pc : __local_bh_enable_ip+0x228/0x44c kernel/softirq.c:388\n lr : __local_bh_enable_ip+0x224/0x44c kernel/softirq.c:386\nsp : ffff800099007970\nx29: ffff800099007980 x28: 1fffe00018fce1bd x27: dfff800000000000\nx26: ffff0000d2620008 x25: ffff0000c7e70de8 x24: 0000000000000001\nx23: 1fffe00018e57781 x22: dfff800000000000 x21: ffff80008aab71c4\nx20: ffff0001b40136c0 x19: ffff0000c72bbc08 x18: 1fffe0001a817bb0\nx17: ffff800125414000 x16: ffff80008032116c x15: 0000000000000001\nx14: 1fffe0001ee9d610 x13: 0000000000000000 x12: 0000000000000003\nx11: 0000000000000000 x10: 0000000000ff0100 x9 : 0000000000000000\nx8 : 00000000005e5789 x7 : ffff80008aab61dc x6 : 0000000000000000\nx5 : 0000000000000000 x4 : 0000000000000001 x3 : 0000000000000000\nx2 : 0000000000000006 x1 : 0000000000000080 x0 : ffff800125414000\nCall trace:\n  __daif_local_irq_enable arch/arm64/include/asm/irqflags.h:27 [inline]\n  arch_local_irq_enable arch/arm64/include/asm/irqflags.h:49 [inline]\n  __local_bh_enable_ip+0x228/0x44c kernel/softirq.c:386\n  __raw_spin_unlock_bh include/linux/spinlock_api_smp.h:167 [inline]\n  _raw_spin_unlock_bh+0x3c/0x4c kernel/locking/spinlock.c:210\n  spin_unlock_bh include/linux/spinlock.h:396 [inline]\n  batadv_purge_orig_ref+0x114c/0x1228 net/batman-adv/originator.c:1287\n  batadv_purge_orig+0x20/0x70 net/batman-adv/originator.c:1300\n  process_one_work+0x694/0x1204 kernel/workqueue.c:2633\n  process_scheduled_works kernel/workqueue.c:2706 [inline]\n  worker_thread+0x938/0xef4 kernel/workqueue.c:2787\n  kthread+0x288/0x310 kernel/kthread.c:388\n  ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:860\nSending NMI from CPU 0 to CPUs 1:\nNMI backtrace for cpu 1\nCPU: 1 PID: 0 Comm: swapper/1 Not tainted 6.8.0-rc7-syzkaller-g707081b61156 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024\npstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : arch_local_irq_enable+0x8/0xc arch/arm64/include/asm/irqflags.h:51\n lr : default_idle_call+0xf8/0x128 kernel/sched/idle.c:103\nsp : ffff800093a17d30\nx29: ffff800093a17d30 x28: dfff800000000000 x27: 1ffff00012742fb4\nx26: ffff80008ec9d000 x25: 0000000000000000 x24: 0000000000000002\nx23: 1ffff00011d93a74 x22: ffff80008ec9d3a0 x21: 0000000000000000\nx20: ffff0000c19dbc00 x19: ffff8000802d0fd8 x18: 1fffe00036804396\nx17: ffff80008ec9d000 x16: ffff8000802d089c x15: 0000000000000001\n---truncated---"}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["net/batman-adv/originator.c"],"versions":[{"version":"fb778ea173fcd58b8fc3d75c674f07fab187b55f","lessThan":"79636f636126775436a11ee9cf00a9253a33ac11","status":"affected","versionType":"git"},{"version":"fb778ea173fcd58b8fc3d75c674f07fab187b55f","lessThan":"154e3f862ba33675cf3f4abf0a0a309a89df87d2","status":"affected","versionType":"git"},{"version":"fb778ea173fcd58b8fc3d75c674f07fab187b55f","lessThan":"82cdea8f3af1e36543c937df963d108c60bea030","status":"affected","versionType":"git"},{"version":"fb778ea173fcd58b8fc3d75c674f07fab187b55f","lessThan":"92176caf9896572f00e741a93cecc0ef1172da07","status":"affected","versionType":"git"},{"version":"fb778ea173fcd58b8fc3d75c674f07fab187b55f","lessThan":"fed7914858a1f1f3e6350bb0f620d6ef15107d16","status":"affected","versionType":"git"},{"version":"fb778ea173fcd58b8fc3d75c674f07fab187b55f","lessThan":"2685008a5f9a636434a8508419cee8158a2f52c8","status":"affected","versionType":"git"},{"version":"fb778ea173fcd58b8fc3d75c674f07fab187b55f","lessThan":"ae7f3cffe86aea3da0e8e079525a1ae619b8862a","status":"affected","versionType":"git"},{"version":"fb778ea173fcd58b8fc3d75c674f07fab187b55f","lessThan":"40dc8ab605894acae1473e434944924a22cfaaa0","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["net/batman-adv/originator.c"],"versions":[{"version":"2.6.39","status":"affected"},{"version":"0","lessThan":"2.6.39","status":"unaffected","versionType":"semver"},{"version":"4.19.317","lessThanOrEqual":"4.19.*","status":"unaffected","versionType":"semver"},{"version":"5.4.279","lessThanOrEqual":"5.4.*","status":"unaffected","versionType":"semver"},{"version":"5.10.221","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.162","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.96","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.36","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.9.7","lessThanOrEqual":"6.9.*","status":"unaffected","versionType":"semver"},{"version":"6.10","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.39","versionEndExcluding":"4.19.317"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.39","versionEndExcluding":"5.4.279"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.39","versionEndExcluding":"5.10.221"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.39","versionEndExcluding":"5.15.162"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.39","versionEndExcluding":"6.1.96"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.39","versionEndExcluding":"6.6.36"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.39","versionEndExcluding":"6.9.7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.39","versionEndExcluding":"6.10"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/79636f636126775436a11ee9cf00a9253a33ac11"},{"url":"https://git.kernel.org/stable/c/154e3f862ba33675cf3f4abf0a0a309a89df87d2"},{"url":"https://git.kernel.org/stable/c/82cdea8f3af1e36543c937df963d108c60bea030"},{"url":"https://git.kernel.org/stable/c/92176caf9896572f00e741a93cecc0ef1172da07"},{"url":"https://git.kernel.org/stable/c/fed7914858a1f1f3e6350bb0f620d6ef15107d16"},{"url":"https://git.kernel.org/stable/c/2685008a5f9a636434a8508419cee8158a2f52c8"},{"url":"https://git.kernel.org/stable/c/ae7f3cffe86aea3da0e8e079525a1ae619b8862a"},{"url":"https://git.kernel.org/stable/c/40dc8ab605894acae1473e434944924a22cfaaa0"}],"title":"batman-adv: bypass empty buckets in batadv_purge_orig_ref()","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"title":"CVE Program Container","references":[{"url":"https://git.kernel.org/stable/c/79636f636126775436a11ee9cf00a9253a33ac11","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/154e3f862ba33675cf3f4abf0a0a309a89df87d2","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/82cdea8f3af1e36543c937df963d108c60bea030","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/92176caf9896572f00e741a93cecc0ef1172da07","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/fed7914858a1f1f3e6350bb0f620d6ef15107d16","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/2685008a5f9a636434a8508419cee8158a2f52c8","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/ae7f3cffe86aea3da0e8e079525a1ae619b8862a","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/40dc8ab605894acae1473e434944924a22cfaaa0","tags":["x_transferred"]},{"url":"https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2025-11-03T21:58:46.464Z"}},{"metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2024-40981","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"version":"2.0.3","timestamp":"2024-09-10T17:02:19.871778Z"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-09-11T17:34:21.396Z"}}]}}