{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-40942", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-07-12T12:17:45.587Z", "datePublished": "2024-07-12T12:25:17.149Z", "dateUpdated": "2024-11-05T09:33:37.889Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-05T09:33:37.889Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: mesh: Fix leak of mesh_preq_queue objects\n\nThe hwmp code use objects of type mesh_preq_queue, added to a list in\nieee80211_if_mesh, to keep track of mpath we need to resolve. If the mpath\ngets deleted, ex mesh interface is removed, the entries in that list will\nnever get cleaned. Fix this by flushing all corresponding items of the\npreq_queue in mesh_path_flush_pending().\n\nThis should take care of KASAN reports like this:\n\nunreferenced object 0xffff00000668d800 (size 128):\n comm \"kworker/u8:4\", pid 67, jiffies 4295419552 (age 1836.444s)\n hex dump (first 32 bytes):\n 00 1f 05 09 00 00 ff ff 00 d5 68 06 00 00 ff ff ..........h.....\n 8e 97 ea eb 3e b8 01 00 00 00 00 00 00 00 00 00 ....>...........\n backtrace:\n [<000000007302a0b6>] __kmem_cache_alloc_node+0x1e0/0x35c\n [<00000000049bd418>] kmalloc_trace+0x34/0x80\n [<0000000000d792bb>] mesh_queue_preq+0x44/0x2a8\n [<00000000c99c3696>] mesh_nexthop_resolve+0x198/0x19c\n [<00000000926bf598>] ieee80211_xmit+0x1d0/0x1f4\n [<00000000fc8c2284>] __ieee80211_subif_start_xmit+0x30c/0x764\n [<000000005926ee38>] ieee80211_subif_start_xmit+0x9c/0x7a4\n [<000000004c86e916>] dev_hard_start_xmit+0x174/0x440\n [<0000000023495647>] __dev_queue_xmit+0xe24/0x111c\n [<00000000cfe9ca78>] batadv_send_skb_packet+0x180/0x1e4\n [<000000007bacc5d5>] batadv_v_elp_periodic_work+0x2f4/0x508\n [<00000000adc3cd94>] process_one_work+0x4b8/0xa1c\n [<00000000b36425d1>] worker_thread+0x9c/0x634\n [<0000000005852dd5>] kthread+0x1bc/0x1c4\n [<000000005fccd770>] ret_from_fork+0x10/0x20\nunreferenced object 0xffff000009051f00 (size 128):\n comm \"kworker/u8:4\", pid 67, jiffies 4295419553 (age 1836.440s)\n hex dump (first 32 bytes):\n 90 d6 92 0d 00 00 ff ff 00 d8 68 06 00 00 ff ff ..........h.....\n 36 27 92 e4 02 e0 01 00 00 58 79 06 00 00 ff ff 6'.......Xy.....\n backtrace:\n [<000000007302a0b6>] __kmem_cache_alloc_node+0x1e0/0x35c\n [<00000000049bd418>] kmalloc_trace+0x34/0x80\n [<0000000000d792bb>] mesh_queue_preq+0x44/0x2a8\n [<00000000c99c3696>] mesh_nexthop_resolve+0x198/0x19c\n [<00000000926bf598>] ieee80211_xmit+0x1d0/0x1f4\n [<00000000fc8c2284>] __ieee80211_subif_start_xmit+0x30c/0x764\n [<000000005926ee38>] ieee80211_subif_start_xmit+0x9c/0x7a4\n [<000000004c86e916>] dev_hard_start_xmit+0x174/0x440\n [<0000000023495647>] __dev_queue_xmit+0xe24/0x111c\n [<00000000cfe9ca78>] batadv_send_skb_packet+0x180/0x1e4\n [<000000007bacc5d5>] batadv_v_elp_periodic_work+0x2f4/0x508\n [<00000000adc3cd94>] process_one_work+0x4b8/0xa1c\n [<00000000b36425d1>] worker_thread+0x9c/0x634\n [<0000000005852dd5>] kthread+0x1bc/0x1c4\n [<000000005fccd770>] ret_from_fork+0x10/0x20"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/mac80211/mesh_pathtbl.c"], "versions": [{"version": "050ac52cbe1f", "lessThan": "377dbb220edc", "status": "affected", "versionType": "git"}, {"version": "050ac52cbe1f", "lessThan": "ec79670eae43", "status": "affected", "versionType": "git"}, {"version": "050ac52cbe1f", "lessThan": "7518e20a189f", "status": "affected", "versionType": "git"}, {"version": "050ac52cbe1f", "lessThan": "c4c865f971fd", "status": "affected", "versionType": "git"}, {"version": "050ac52cbe1f", "lessThan": "617dadbfb2d3", "status": "affected", "versionType": "git"}, {"version": "050ac52cbe1f", "lessThan": "63d5f89bb566", "status": "affected", "versionType": "git"}, {"version": "050ac52cbe1f", "lessThan": "d81e244af521", "status": "affected", "versionType": "git"}, {"version": "050ac52cbe1f", "lessThan": "b7d7f11a2918", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/mac80211/mesh_pathtbl.c"], "versions": [{"version": "2.6.26", "status": "affected"}, {"version": "0", "lessThan": "2.6.26", "status": "unaffected", "versionType": "semver"}, {"version": "4.19.317", "lessThanOrEqual": "4.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.279", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.221", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.162", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.95", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.35", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.9.6", "lessThanOrEqual": "6.9.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.10", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/377dbb220edc8421b7960691876c5b3bef62f89b"}, {"url": "https://git.kernel.org/stable/c/ec79670eae430b3ffb7e0a6417ad7657728b8f95"}, {"url": "https://git.kernel.org/stable/c/7518e20a189f8659b8b83969db4d33a4068fcfc3"}, {"url": "https://git.kernel.org/stable/c/c4c865f971fd4a255208f57ef04d814c2ae9e0dc"}, {"url": "https://git.kernel.org/stable/c/617dadbfb2d3e152c5753e28356d189c9d6f33c0"}, {"url": "https://git.kernel.org/stable/c/63d5f89bb5664d60edbf8cf0df911aaae8ed96a4"}, {"url": "https://git.kernel.org/stable/c/d81e244af521de63ad2883e17571b789c39b6549"}, {"url": "https://git.kernel.org/stable/c/b7d7f11a291830fdf69d3301075dd0fb347ced84"}], "title": "wifi: mac80211: mesh: Fix leak of mesh_preq_queue objects", "x_generator": {"engine": "bippy-9e1c9544281a"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:39:55.383Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/377dbb220edc8421b7960691876c5b3bef62f89b", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/ec79670eae430b3ffb7e0a6417ad7657728b8f95", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/7518e20a189f8659b8b83969db4d33a4068fcfc3", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/c4c865f971fd4a255208f57ef04d814c2ae9e0dc", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/617dadbfb2d3e152c5753e28356d189c9d6f33c0", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/63d5f89bb5664d60edbf8cf0df911aaae8ed96a4", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/d81e244af521de63ad2883e17571b789c39b6549", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/b7d7f11a291830fdf69d3301075dd0fb347ced84", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-40942", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T17:04:23.938409Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T17:34:25.698Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/377dbb220edc8421b7960691876c5b3bef62f89b", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/ec79670eae430b3ffb7e0a6417ad7657728b8f95", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/7518e20a189f8659b8b83969db4d33a4068fcfc3", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/c4c865f971fd4a255208f57ef04d814c2ae9e0dc", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/617dadbfb2d3e152c5753e28356d189c9d6f33c0", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/63d5f89bb5664d60edbf8cf0df911aaae8ed96a4", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/d81e244af521de63ad2883e17571b789c39b6549", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/b7d7f11a291830fdf69d3301075dd0fb347ced84", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:39:55.383Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-40942", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T17:04:23.938409Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T12:42:22.574Z"}}], "cna": {"title": "wifi: mac80211: mesh: Fix leak of mesh_preq_queue objects", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "050ac52cbe1f", "lessThan": "377dbb220edc", "versionType": "git"}, {"status": "affected", "version": "050ac52cbe1f", "lessThan": "ec79670eae43", "versionType": "git"}, {"status": "affected", "version": "050ac52cbe1f", "lessThan": "7518e20a189f", "versionType": "git"}, {"status": "affected", "version": "050ac52cbe1f", "lessThan": "c4c865f971fd", "versionType": "git"}, {"status": "affected", "version": "050ac52cbe1f", "lessThan": "617dadbfb2d3", "versionType": "git"}, {"status": "affected", "version": "050ac52cbe1f", "lessThan": "63d5f89bb566", "versionType": "git"}, {"status": "affected", "version": "050ac52cbe1f", "lessThan": "d81e244af521", "versionType": "git"}, {"status": "affected", "version": "050ac52cbe1f", "lessThan": "b7d7f11a2918", "versionType": "git"}], "programFiles": ["net/mac80211/mesh_pathtbl.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "2.6.26"}, {"status": "unaffected", "version": "0", "lessThan": "2.6.26", "versionType": "semver"}, {"status": "unaffected", "version": "4.19.317", "versionType": "semver", "lessThanOrEqual": "4.19.*"}, {"status": "unaffected", "version": "5.4.279", "versionType": "semver", "lessThanOrEqual": "5.4.*"}, {"status": "unaffected", "version": "5.10.221", "versionType": "semver", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.15.162", "versionType": "semver", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.95", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.35", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.9.6", "versionType": "semver", "lessThanOrEqual": "6.9.*"}, {"status": "unaffected", "version": "6.10", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["net/mac80211/mesh_pathtbl.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/377dbb220edc8421b7960691876c5b3bef62f89b"}, {"url": "https://git.kernel.org/stable/c/ec79670eae430b3ffb7e0a6417ad7657728b8f95"}, {"url": "https://git.kernel.org/stable/c/7518e20a189f8659b8b83969db4d33a4068fcfc3"}, {"url": "https://git.kernel.org/stable/c/c4c865f971fd4a255208f57ef04d814c2ae9e0dc"}, {"url": "https://git.kernel.org/stable/c/617dadbfb2d3e152c5753e28356d189c9d6f33c0"}, {"url": "https://git.kernel.org/stable/c/63d5f89bb5664d60edbf8cf0df911aaae8ed96a4"}, {"url": "https://git.kernel.org/stable/c/d81e244af521de63ad2883e17571b789c39b6549"}, {"url": "https://git.kernel.org/stable/c/b7d7f11a291830fdf69d3301075dd0fb347ced84"}], "x_generator": {"engine": "bippy-9e1c9544281a"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: mesh: Fix leak of mesh_preq_queue objects\n\nThe hwmp code use objects of type mesh_preq_queue, added to a list in\nieee80211_if_mesh, to keep track of mpath we need to resolve. If the mpath\ngets deleted, ex mesh interface is removed, the entries in that list will\nnever get cleaned. Fix this by flushing all corresponding items of the\npreq_queue in mesh_path_flush_pending().\n\nThis should take care of KASAN reports like this:\n\nunreferenced object 0xffff00000668d800 (size 128):\n comm \"kworker/u8:4\", pid 67, jiffies 4295419552 (age 1836.444s)\n hex dump (first 32 bytes):\n 00 1f 05 09 00 00 ff ff 00 d5 68 06 00 00 ff ff ..........h.....\n 8e 97 ea eb 3e b8 01 00 00 00 00 00 00 00 00 00 ....>...........\n backtrace:\n [<000000007302a0b6>] __kmem_cache_alloc_node+0x1e0/0x35c\n [<00000000049bd418>] kmalloc_trace+0x34/0x80\n [<0000000000d792bb>] mesh_queue_preq+0x44/0x2a8\n [<00000000c99c3696>] mesh_nexthop_resolve+0x198/0x19c\n [<00000000926bf598>] ieee80211_xmit+0x1d0/0x1f4\n [<00000000fc8c2284>] __ieee80211_subif_start_xmit+0x30c/0x764\n [<000000005926ee38>] ieee80211_subif_start_xmit+0x9c/0x7a4\n [<000000004c86e916>] dev_hard_start_xmit+0x174/0x440\n [<0000000023495647>] __dev_queue_xmit+0xe24/0x111c\n [<00000000cfe9ca78>] batadv_send_skb_packet+0x180/0x1e4\n [<000000007bacc5d5>] batadv_v_elp_periodic_work+0x2f4/0x508\n [<00000000adc3cd94>] process_one_work+0x4b8/0xa1c\n [<00000000b36425d1>] worker_thread+0x9c/0x634\n [<0000000005852dd5>] kthread+0x1bc/0x1c4\n [<000000005fccd770>] ret_from_fork+0x10/0x20\nunreferenced object 0xffff000009051f00 (size 128):\n comm \"kworker/u8:4\", pid 67, jiffies 4295419553 (age 1836.440s)\n hex dump (first 32 bytes):\n 90 d6 92 0d 00 00 ff ff 00 d8 68 06 00 00 ff ff ..........h.....\n 36 27 92 e4 02 e0 01 00 00 58 79 06 00 00 ff ff 6'.......Xy.....\n backtrace:\n [<000000007302a0b6>] __kmem_cache_alloc_node+0x1e0/0x35c\n [<00000000049bd418>] kmalloc_trace+0x34/0x80\n [<0000000000d792bb>] mesh_queue_preq+0x44/0x2a8\n [<00000000c99c3696>] mesh_nexthop_resolve+0x198/0x19c\n [<00000000926bf598>] ieee80211_xmit+0x1d0/0x1f4\n [<00000000fc8c2284>] __ieee80211_subif_start_xmit+0x30c/0x764\n [<000000005926ee38>] ieee80211_subif_start_xmit+0x9c/0x7a4\n [<000000004c86e916>] dev_hard_start_xmit+0x174/0x440\n [<0000000023495647>] __dev_queue_xmit+0xe24/0x111c\n [<00000000cfe9ca78>] batadv_send_skb_packet+0x180/0x1e4\n [<000000007bacc5d5>] batadv_v_elp_periodic_work+0x2f4/0x508\n [<00000000adc3cd94>] process_one_work+0x4b8/0xa1c\n [<00000000b36425d1>] worker_thread+0x9c/0x634\n [<0000000005852dd5>] kthread+0x1bc/0x1c4\n [<000000005fccd770>] ret_from_fork+0x10/0x20"}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-05T09:33:37.889Z"}}}, "cveMetadata": {"cveId": "CVE-2024-40942", "state": "PUBLISHED", "dateUpdated": "2024-11-05T09:33:37.889Z", "dateReserved": "2024-07-12T12:17:45.587Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-07-12T12:25:17.149Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: mesh: Fix leak of mesh_preq_queue objects\n\nThe hwmp code use objects of type mesh_preq_queue, added to a list in\nieee80211_if_mesh, to keep track of mpath we need to resolve. If the mpath\ngets deleted, ex mesh interface is removed, the entries in that list will\nnever get cleaned. Fix this by flushing all corresponding items of the\npreq_queue in mesh_path_flush_pending().\n\nThis should take care of KASAN reports like this:\n\nunreferenced object 0xffff00000668d800 (size 128):\n comm \"kworker/u8:4\", pid 67, jiffies 4295419552 (age 1836.444s)\n hex dump (first 32 bytes):\n 00 1f 05 09 00 00 ff ff 00 d5 68 06 00 00 ff ff ..........h.....\n 8e 97 ea eb 3e b8 01 00 00 00 00 00 00 00 00 00 ....>...........\n backtrace:\n [<000000007302a0b6>] __kmem_cache_alloc_node+0x1e0/0x35c\n [<00000000049bd418>] kmalloc_trace+0x34/0x80\n [<0000000000d792bb>] mesh_queue_preq+0x44/0x2a8\n [<00000000c99c3696>] mesh_nexthop_resolve+0x198/0x19c\n [<00000000926bf598>] ieee80211_xmit+0x1d0/0x1f4\n [<00000000fc8c2284>] __ieee80211_subif_start_xmit+0x30c/0x764\n [<000000005926ee38>] ieee80211_subif_start_xmit+0x9c/0x7a4\n [<000000004c86e916>] dev_hard_start_xmit+0x174/0x440\n [<0000000023495647>] __dev_queue_xmit+0xe24/0x111c\n [<00000000cfe9ca78>] batadv_send_skb_packet+0x180/0x1e4\n [<000000007bacc5d5>] batadv_v_elp_periodic_work+0x2f4/0x508\n [<00000000adc3cd94>] process_one_work+0x4b8/0xa1c\n [<00000000b36425d1>] worker_thread+0x9c/0x634\n [<0000000005852dd5>] kthread+0x1bc/0x1c4\n [<000000005fccd770>] ret_from_fork+0x10/0x20\nunreferenced object 0xffff000009051f00 (size 128):\n comm \"kworker/u8:4\", pid 67, jiffies 4295419553 (age 1836.440s)\n hex dump (first 32 bytes):\n 90 d6 92 0d 00 00 ff ff 00 d8 68 06 00 00 ff ff ..........h.....\n 36 27 92 e4 02 e0 01 00 00 58 79 06 00 00 ff ff 6'.......Xy.....\n backtrace:\n [<000000007302a0b6>] __kmem_cache_alloc_node+0x1e0/0x35c\n [<00000000049bd418>] kmalloc_trace+0x34/0x80\n [<0000000000d792bb>] mesh_queue_preq+0x44/0x2a8\n [<00000000c99c3696>] mesh_nexthop_resolve+0x198/0x19c\n [<00000000926bf598>] ieee80211_xmit+0x1d0/0x1f4\n [<00000000fc8c2284>] __ieee80211_subif_start_xmit+0x30c/0x764\n [<000000005926ee38>] ieee80211_subif_start_xmit+0x9c/0x7a4\n [<000000004c86e916>] dev_hard_start_xmit+0x174/0x440\n [<0000000023495647>] __dev_queue_xmit+0xe24/0x111c\n [<00000000cfe9ca78>] batadv_send_skb_packet+0x180/0x1e4\n [<000000007bacc5d5>] batadv_v_elp_periodic_work+0x2f4/0x508\n [<00000000adc3cd94>] process_one_work+0x4b8/0xa1c\n [<00000000b36425d1>] worker_thread+0x9c/0x634\n [<0000000005852dd5>] kthread+0x1bc/0x1c4\n [<000000005fccd770>] ret_from_fork+0x10/0x20"}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: wifi: mac80211: mesh: corrige la fuga de objetos mesh_preq_queue El c\u00f3digo hwmp usa objetos de tipo mesh_preq_queue, agregados a una lista en ieee80211_if_mesh, para realizar un seguimiento del mpath que necesitamos resolver. Si se elimina mpath, se elimina la interfaz ex mesh, las entradas en esa lista nunca se limpiar\u00e1n. Solucione este problema eliminando todos los elementos correspondientes de preq_queue en mesh_path_flush_pending(). Esto deber\u00eda encargarse de informes KASAN como este: objeto sin referencia 0xffff00000668d800 (tama\u00f1o 128): comm \"kworker/u8:4\", pid 67, jiffies 4295419552 (edad 1836.444s) volcado hexadecimal (primeros 32 bytes): 00 1f 05 09 00 00 ff ff 00 d5 68 06 00 00 ff ff ..........h..... 8e 97 ea eb 3e b8 01 00 00 00 00 00 00 00 00 00 ....&gt;.. ......... retroceso: [&lt;000000007302a0b6&gt;] __kmem_cache_alloc_node+0x1e0/0x35c [&lt;00000000049bd418&gt;] kmalloc_trace+0x34/0x80 [&lt;0000000000d792bb&gt;] 8 [&lt;00000000c99c3696&gt;] mesh_nexthop_resolve+0x198/ 0x19c [&lt;00000000926bf598&gt;] ieee80211_xmit+0x1d0/0x1f4 [&lt;00000000fc8c2284&gt;] __ieee80211_subif_start_xmit+0x30c/0x764 [&lt;000000005926ee38&gt;] 11_subif_start_xmit+0x9c/0x7a4 [&lt;000000004c86e916&gt;] dev_hard_start_xmit+0x174/0x440 [&lt;0000000023495647&gt;] __dev_queue_xmit+0xe24/ 0x111c [&lt;00000000cfe9ca78&gt;] batadv_send_skb_packet+0x180/0x1e4 [&lt;000000007bacc5d5&gt;] batadv_v_elp_periodic_work+0x2f4/0x508 [&lt;00000000adc3cd94&gt;] xa1c [&lt;00000000b36425d1&gt;] hilo_trabajador+0x9c/0x634 [&lt;0000000005852dd5&gt;] kthread+0x1bc/ 0x1c4 [&lt;000000005fccd770&gt;] ret_from_fork+0x10/0x20 objeto sin referencia 0xffff000009051f00 (tama\u00f1o 128): comm \"kworker/u8:4\", pid 67, jiffies 4295419553 (edad 1836.440s) volcado hexadecimal (primero 32 bytes): 90 d6 92 0d 00 00 ff ff 00 d8 68 06 00 00 ff ff ..........h..... 36 27 92 e4 02 e0 01 00 00 58 79 06 00 00 ff ff 6'.... ...Xy..... retroceso: [&lt;000000007302a0b6&gt;] __kmem_cache_alloc_node+0x1e0/0x35c [&lt;00000000049bd418&gt;] kmalloc_trace+0x34/0x80 [&lt;0000000000d792bb&gt;] 0x2a8 [&lt;00000000c99c3696&gt;] mesh_nexthop_resolve+0x198/ 0x19c [&lt;00000000926bf598&gt;] ieee80211_xmit+0x1d0/0x1f4 [&lt;00000000fc8c2284&gt;] __ieee80211_subif_start_xmit+0x30c/0x764 [&lt;000000005926ee38&gt;] 11_subif_start_xmit+0x9c/0x7a4 [&lt;000000004c86e916&gt;] dev_hard_start_xmit+0x174/0x440 [&lt;0000000023495647&gt;] __dev_queue_xmit+0xe24/ 0x111c [&lt;00000000cfe9ca78&gt;] batadv_send_skb_packet+0x180/0x1e4 [&lt;000000007bacc5d5&gt;] batadv_v_elp_periodic_work+0x2f4/0x508 [&lt;00000000adc3cd94&gt;] xa1c [&lt;00000000b36425d1&gt;] hilo_trabajador+0x9c/0x634 [&lt;0000000005852dd5&gt;] kthread+0x1bc/ 0x1c4 [&lt;000000005fccd770&gt;] ret_from_fork+0x10/0x20"}], "id": "CVE-2024-40942", "lastModified": "2024-07-12T16:34:58.687", "metrics": {}, "published": "2024-07-12T13:15:16.520", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/377dbb220edc8421b7960691876c5b3bef62f89b"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/617dadbfb2d3e152c5753e28356d189c9d6f33c0"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/63d5f89bb5664d60edbf8cf0df911aaae8ed96a4"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/7518e20a189f8659b8b83969db4d33a4068fcfc3"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/b7d7f11a291830fdf69d3301075dd0fb347ced84"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/c4c865f971fd4a255208f57ef04d814c2ae9e0dc"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/d81e244af521de63ad2883e17571b789c39b6549"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/ec79670eae430b3ffb7e0a6417ad7657728b8f95"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: wifi: mac80211: mesh: Fix leak of mesh_preq_queue objects", "id": "2297526", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2297526"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.1", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L", "status": "draft"}, "cwe": "CWE-402", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nwifi: mac80211: mesh: Fix leak of mesh_preq_queue objects\nThe hwmp code use objects of type mesh_preq_queue, added to a list in\nieee80211_if_mesh, to keep track of mpath we need to resolve. If the mpath\ngets deleted, ex mesh interface is removed, the entries in that list will\nnever get cleaned. Fix this by flushing all corresponding items of the\npreq_queue in mesh_path_flush_pending().\nThis should take care of KASAN reports like this:\nunreferenced object 0xffff00000668d800 (size 128):\ncomm \"kworker/u8:4\", pid 67, jiffies 4295419552 (age 1836.444s)\nhex dump (first 32 bytes):\n00 1f 05 09 00 00 ff ff 00 d5 68 06 00 00 ff ff ..........h.....\n8e 97 ea eb 3e b8 01 00 00 00 00 00 00 00 00 00 ....>...........\nbacktrace:\n[<000000007302a0b6>] __kmem_cache_alloc_node+0x1e0/0x35c\n[<00000000049bd418>] kmalloc_trace+0x34/0x80\n[<0000000000d792bb>] mesh_queue_preq+0x44/0x2a8\n[<00000000c99c3696>] mesh_nexthop_resolve+0x198/0x19c\n[<00000000926bf598>] ieee80211_xmit+0x1d0/0x1f4\n[<00000000fc8c2284>] __ieee80211_subif_start_xmit+0x30c/0x764\n[<000000005926ee38>] ieee80211_subif_start_xmit+0x9c/0x7a4\n[<000000004c86e916>] dev_hard_start_xmit+0x174/0x440\n[<0000000023495647>] __dev_queue_xmit+0xe24/0x111c\n[<00000000cfe9ca78>] batadv_send_skb_packet+0x180/0x1e4\n[<000000007bacc5d5>] batadv_v_elp_periodic_work+0x2f4/0x508\n[<00000000adc3cd94>] process_one_work+0x4b8/0xa1c\n[<00000000b36425d1>] worker_thread+0x9c/0x634\n[<0000000005852dd5>] kthread+0x1bc/0x1c4\n[<000000005fccd770>] ret_from_fork+0x10/0x20\nunreferenced object 0xffff000009051f00 (size 128):\ncomm \"kworker/u8:4\", pid 67, jiffies 4295419553 (age 1836.440s)\nhex dump (first 32 bytes):\n90 d6 92 0d 00 00 ff ff 00 d8 68 06 00 00 ff ff ..........h.....\n36 27 92 e4 02 e0 01 00 00 58 79 06 00 00 ff ff 6'.......Xy.....\nbacktrace:\n[<000000007302a0b6>] __kmem_cache_alloc_node+0x1e0/0x35c\n[<00000000049bd418>] kmalloc_trace+0x34/0x80\n[<0000000000d792bb>] mesh_queue_preq+0x44/0x2a8\n[<00000000c99c3696>] mesh_nexthop_resolve+0x198/0x19c\n[<00000000926bf598>] ieee80211_xmit+0x1d0/0x1f4\n[<00000000fc8c2284>] __ieee80211_subif_start_xmit+0x30c/0x764\n[<000000005926ee38>] ieee80211_subif_start_xmit+0x9c/0x7a4\n[<000000004c86e916>] dev_hard_start_xmit+0x174/0x440\n[<0000000023495647>] __dev_queue_xmit+0xe24/0x111c\n[<00000000cfe9ca78>] batadv_send_skb_packet+0x180/0x1e4\n[<000000007bacc5d5>] batadv_v_elp_periodic_work+0x2f4/0x508\n[<00000000adc3cd94>] process_one_work+0x4b8/0xa1c\n[<00000000b36425d1>] worker_thread+0x9c/0x634\n[<0000000005852dd5>] kthread+0x1bc/0x1c4\n[<000000005fccd770>] ret_from_fork+0x10/0x20", "A vulnerability was found in the Linux kernel's mac80211 mesh networking code. This issue can cause a memory leak of `mesh_preq_queue` objects, which track mesh paths needing resolution. These objects are not properly cleaned up when mesh paths are deleted, such as when a mesh interface is removed. The issue was detected through KASAN reports of unreferenced objects, indicating leaked memory."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-40942", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-07-12T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-40942\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-40942\nhttps://lore.kernel.org/linux-cve-announce/2024071219-CVE-2024-40942-4af1@gregkh/T"], "statement": "Red Hat Enterprise Linux is not vulnerable to this CVE, as it does not affect the versions or configurations of the Linux kernel used in its distributions.", "threat_severity": "Moderate", "upstream_fix": "kernel 4.19.317, kernel 5.4.279, kernel 5.10.221, kernel 5.15.162, kernel 6.1.95, kernel 6.6.35, kernel 6.9.6, kernel 6.10-rc3"}