CVE-2024-40985

Summary

In the Linux kernel, the following vulnerability has been resolved:

net/tcp_ao: Don't leak ao_info on error-path

It seems I introduced it together with TCP_AO_CMDF_AO_REQUIRED, on version 5 1 of TCP-AO patches. Quite frustrative that having all these selftests that I've written, running kmemtest & kcov was always in todo.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux0aadc73995d08f6b0dc061c14a564ffa46f5914e < ebaa7d3c26332330a48f9a15f8e518d526cc0f21affected
LinuxLinux0aadc73995d08f6b0dc061c14a564ffa46f5914e < f9ae848904289ddb16c7c9e4553ed4c64300de49affected
LinuxLinux6.7affected
LinuxLinux0 < 6.7unaffected
LinuxLinux6.9.7 <= 6.9.*unaffected
LinuxLinux6.10 <= *unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References