CVE-2024-40985
N/A
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
net/tcp_ao: Don't leak ao_info on error-path
It seems I introduced it together with TCP_AO_CMDF_AO_REQUIRED, on version 5 1 of TCP-AO patches. Quite frustrative that having all these selftests that I've written, running kmemtest & kcov was always in todo.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 0aadc73995d08f6b0dc061c14a564ffa46f5914e < ebaa7d3c26332330a48f9a15f8e518d526cc0f21 | affected |
| Linux | Linux | 0aadc73995d08f6b0dc061c14a564ffa46f5914e < f9ae848904289ddb16c7c9e4553ed4c64300de49 | affected |
| Linux | Linux | 6.7 | affected |
| Linux | Linux | 0 < 6.7 | unaffected |
| Linux | Linux | 6.9.7 <= 6.9.* | unaffected |
| Linux | Linux | 6.10 <= * | unaffected |
Weaknesses
ADP Enrichment
CVE Program Container
Additional References
- https://git.kernel.org/stable/c/ebaa7d3c26332330a48f9a15f8e518d526cc0f21
- https://git.kernel.org/stable/c/f9ae848904289ddb16c7c9e4553ed4c64300de49
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://git.kernel.org/stable/c/ebaa7d3c26332330a48f9a15f8e518d526cc0f21
- https://git.kernel.org/stable/c/f9ae848904289ddb16c7c9e4553ed4c64300de49
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.