#VU94315 Buffer overflow in Linux kernel - CVE-2024-40941

Cybersecurity Help s.r.o.

Published: 2024-07-13 | Updated: 2025-05-13

Vulnerability identifier: #VU94315

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-40941

CWE-ID: CWE-119

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the iwl_mvm_mfu_assert_dump_notif() function in drivers/net/wireless/intel/iwlwifi/mvm/fw.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: 4.19 - 4.19.316, 5.4 - 5.4.278, 5.10 - 5.10.220, 5.15 - 5.15.161, 6.1 - 6.1.94, 6.6 - 6.6.34

External links
https://git.kernel.org/stable/c/15b37c6fab9d5e40ac399fa1c725118588ed649c
https://git.kernel.org/stable/c/6532f18e66b384b8d4b7e5c9caca042faaa9e8de
https://git.kernel.org/stable/c/46c59a25337049a2a230ce7f7c3b9f21d0aaaad7
https://git.kernel.org/stable/c/65686118845d427df27ee83a6ddd4885596b0805
https://git.kernel.org/stable/c/a8bc8276af9aeacabb773f0c267cfcdb847c6f2d
https://git.kernel.org/stable/c/a05018739a5e6b9dc112c95bd4c59904062c8940
https://git.kernel.org/stable/c/acdfa33c3cf5e1cd185cc1e0486bd0ea9f09c154
https://git.kernel.org/stable/c/4bb95f4535489ed830cf9b34b0a891e384d1aee4
https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.317
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.221
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.162
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.279
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.95
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.10
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.35

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

Latest bulletins with this vulnerability

Multiple vulnerabilities in IBM Integrated Analytics System

Dell RecoverPoint for Virtual Machines update for third-party components

Multiple vulnerabilities in IBM Guardium Data Protection

Dell SmartFabric Storage Software update for third-party components

Anolis OS update for kernel

Multiple vulnerabilities in IBM Cloud Pak for AIOps

Multiple vulnerabilities in IBM Security Guardium

Multiple vulnerabilities in IBM Storage Copy Data Management

Multiple vulnerabilities in Dell Secure Connect Gateway

Multiple vulnerabilities in IBM Technical Support Appliance