{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2024-40940", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-07-12T12:17:45.587Z", "datePublished": "2024-07-12T12:25:15.808Z", "dateUpdated": "2025-11-03T21:58:08.367Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T09:18:24.662Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Fix tainted pointer delete is case of flow rules creation fail\n\nIn case of flow rule creation fail in mlx5_lag_create_port_sel_table(),\ninstead of previously created rules, the tainted pointer is deleted\ndeveral times.\nFix this bug by using correct flow rules pointers.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/ethernet/mellanox/mlx5/core/lag/port_sel.c"], "versions": [{"version": "352899f384d4aefa77ede6310d08c1b515612a8f", "lessThan": "531eab2da27dd42d68dfb841d82e987f4a6738b8", "status": "affected", "versionType": "git"}, {"version": "352899f384d4aefa77ede6310d08c1b515612a8f", "lessThan": "d857df86837ac1c30592e8a068204d16feac9930", "status": "affected", "versionType": "git"}, {"version": "352899f384d4aefa77ede6310d08c1b515612a8f", "lessThan": "a03a3fa12769e25f4385bee587afe1445aee7f7a", "status": "affected", "versionType": "git"}, {"version": "352899f384d4aefa77ede6310d08c1b515612a8f", "lessThan": "229bedbf62b13af5aba6525ad10b62ad38d9ccb5", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/ethernet/mellanox/mlx5/core/lag/port_sel.c"], "versions": [{"version": "5.19", "status": "affected"}, {"version": "0", "lessThan": "5.19", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.95", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.35", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.9.6", "lessThanOrEqual": "6.9.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.10", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.19", "versionEndExcluding": "6.1.95"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.19", "versionEndExcluding": "6.6.35"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.19", "versionEndExcluding": "6.9.6"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.19", "versionEndExcluding": "6.10"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/531eab2da27dd42d68dfb841d82e987f4a6738b8"}, {"url": "https://git.kernel.org/stable/c/d857df86837ac1c30592e8a068204d16feac9930"}, {"url": "https://git.kernel.org/stable/c/a03a3fa12769e25f4385bee587afe1445aee7f7a"}, {"url": "https://git.kernel.org/stable/c/229bedbf62b13af5aba6525ad10b62ad38d9ccb5"}], "title": "net/mlx5: Fix tainted pointer delete is case of flow rules creation fail", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/531eab2da27dd42d68dfb841d82e987f4a6738b8", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/d857df86837ac1c30592e8a068204d16feac9930", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/a03a3fa12769e25f4385bee587afe1445aee7f7a", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/229bedbf62b13af5aba6525ad10b62ad38d9ccb5", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-03T21:58:08.367Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-40940", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T17:04:30.416293Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T17:33:02.181Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/531eab2da27dd42d68dfb841d82e987f4a6738b8", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/d857df86837ac1c30592e8a068204d16feac9930", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/a03a3fa12769e25f4385bee587afe1445aee7f7a", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/229bedbf62b13af5aba6525ad10b62ad38d9ccb5", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:39:55.350Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-40940", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T17:04:30.416293Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T12:42:14.159Z"}}], "cna": {"title": "net/mlx5: Fix tainted pointer delete is case of flow rules creation fail", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "352899f384d4aefa77ede6310d08c1b515612a8f", "lessThan": "531eab2da27dd42d68dfb841d82e987f4a6738b8", "versionType": "git"}, {"status": "affected", "version": "352899f384d4aefa77ede6310d08c1b515612a8f", "lessThan": "d857df86837ac1c30592e8a068204d16feac9930", "versionType": "git"}, {"status": "affected", "version": "352899f384d4aefa77ede6310d08c1b515612a8f", "lessThan": "a03a3fa12769e25f4385bee587afe1445aee7f7a", "versionType": "git"}, {"status": "affected", "version": "352899f384d4aefa77ede6310d08c1b515612a8f", "lessThan": "229bedbf62b13af5aba6525ad10b62ad38d9ccb5", "versionType": "git"}], "programFiles": ["drivers/net/ethernet/mellanox/mlx5/core/lag/port_sel.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "5.19"}, {"status": "unaffected", "version": "0", "lessThan": "5.19", "versionType": "semver"}, {"status": "unaffected", "version": "6.1.95", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.35", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.9.6", "versionType": "semver", "lessThanOrEqual": "6.9.*"}, {"status": "unaffected", "version": "6.10", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/net/ethernet/mellanox/mlx5/core/lag/port_sel.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/531eab2da27dd42d68dfb841d82e987f4a6738b8"}, {"url": "https://git.kernel.org/stable/c/d857df86837ac1c30592e8a068204d16feac9930"}, {"url": "https://git.kernel.org/stable/c/a03a3fa12769e25f4385bee587afe1445aee7f7a"}, {"url": "https://git.kernel.org/stable/c/229bedbf62b13af5aba6525ad10b62ad38d9ccb5"}], "x_generator": {"engine": "bippy-1.2.0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Fix tainted pointer delete is case of flow rules creation fail\n\nIn case of flow rule creation fail in mlx5_lag_create_port_sel_table(),\ninstead of previously created rules, the tainted pointer is deleted\ndeveral times.\nFix this bug by using correct flow rules pointers.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE."}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.1.95", "versionStartIncluding": "5.19"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.6.35", "versionStartIncluding": "5.19"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.9.6", "versionStartIncluding": "5.19"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.10", "versionStartIncluding": "5.19"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T09:18:24.662Z"}}}, "cveMetadata": {"cveId": "CVE-2024-40940", "state": "PUBLISHED", "dateUpdated": "2025-05-04T09:18:24.662Z", "dateReserved": "2024-07-12T12:17:45.587Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-07-12T12:25:15.808Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "E0A7F60D-A7BB-486D-9C47-C6BD16DE5AC3", "versionEndExcluding": "6.1.95", "versionStartIncluding": "5.19", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "6F019D15-84C0-416B-8C57-7F51B68992F0", "versionEndExcluding": "6.6.35", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "0ABBBA1D-F79D-4BDB-AA41-D1EDCC4A6975", "versionEndExcluding": "6.9.6", "versionStartIncluding": "6.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc1:*:*:*:*:*:*", "matchCriteriaId": "2EBB4392-5FA6-4DA9-9772-8F9C750109FA", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc2:*:*:*:*:*:*", "matchCriteriaId": "331C2F14-12C7-45D5-893D-8C52EE38EA10", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Fix tainted pointer delete is case of flow rules creation fail\n\nIn case of flow rule creation fail in mlx5_lag_create_port_sel_table(),\ninstead of previously created rules, the tainted pointer is deleted\ndeveral times.\nFix this bug by using correct flow rules pointers.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net/mlx5: Se corrige la eliminaci\u00f3n del puntero contaminado en caso de error en la creaci\u00f3n de reglas de flujo. En caso de que falle la creaci\u00f3n de reglas de flujo en mlx5_lag_create_port_sel_table(), en lugar de las reglas creadas previamente, se elimina el puntero contaminado varias veces. Corrija este error utilizando punteros de reglas de flujo correctos. Encontrado por el Centro de verificaci\u00f3n de Linux (linuxtesting.org) con SVACE."}], "id": "CVE-2024-40940", "lastModified": "2025-11-03T22:17:16.030", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-07-12T13:15:16.380", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/229bedbf62b13af5aba6525ad10b62ad38d9ccb5"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/531eab2da27dd42d68dfb841d82e987f4a6738b8"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/a03a3fa12769e25f4385bee587afe1445aee7f7a"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/d857df86837ac1c30592e8a068204d16feac9930"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/229bedbf62b13af5aba6525ad10b62ad38d9ccb5"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/531eab2da27dd42d68dfb841d82e987f4a6738b8"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/a03a3fa12769e25f4385bee587afe1445aee7f7a"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/d857df86837ac1c30592e8a068204d16feac9930"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-415"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2024:9315", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-503.11.1.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-11-12T00:00:00Z"}, {"advisory": "RHSA-2024:9315", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-503.11.1.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-11-12T00:00:00Z"}], "bugzilla": {"description": "kernel: net/mlx5: Fix tainted pointer delete is case of flow rules creation fail", "id": "2297524", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2297524"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.4", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-99", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nnet/mlx5: Fix tainted pointer delete is case of flow rules creation fail\nIn case of flow rule creation fail in mlx5_lag_create_port_sel_table(),\ninstead of previously created rules, the tainted pointer is deleted\ndeveral times.\nFix this bug by using correct flow rules pointers.\nFound by Linux Verification Center (linuxtesting.org) with SVACE."], "name": "CVE-2024-40940", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-07-12T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-40940\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-40940\nhttps://lore.kernel.org/linux-cve-announce/2024071218-CVE-2024-40940-5b9e@gregkh/T"], "threat_severity": "Low"}

{}