Lucene search
LinuxCVELIST:CVE-2024-40919HistoryJul 12, 2024 - 12:25 p.m.
CVE-2024-40919 bnxt_en: Adjust logging of firmware messages in case of released token in __hwrm_send()
2024-07-1212:25:01
Linux
www.cve.org
9
linux kernel
vnxt_en
adjust logging
firmware messages
token pointer check
null pointer dereference
svace
EPSS
0
Percentile
15.9%
In the Linux kernel, the following vulnerability has been resolved:
bnxt_en: Adjust logging of firmware messages in case of released token in __hwrm_send()
In case of token is released due to token->state == BNXT_HWRM_DEFERRED,
released token (set to NULL) is used in log messages. This issue is
expected to be prevented by HWRM_ERR_CODE_PF_UNAVAILABLE error code. But
this error code is returned by recent firmware. So some firmware may not
return it. This may lead to NULL pointer dereference.
Adjust this issue by adding token pointer check.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
CNA Affected
[
{
"product": "Linux",
"vendor": "Linux",
"defaultStatus": "unaffected",
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"programFiles": [
"drivers/net/ethernet/broadcom/bnxt/bnxt_hwrm.c"
],
"versions": [
{
"version": "8fa4219dba8e",
"lessThan": "cde177fa235c",
"status": "affected",
"versionType": "git"
},
{
"version": "8fa4219dba8e",
"lessThan": "ca6660c95624",
"status": "affected",
"versionType": "git"
},
{
"version": "8fa4219dba8e",
"lessThan": "8b65eaeae88d",
"status": "affected",
"versionType": "git"
},
{
"version": "8fa4219dba8e",
"lessThan": "a9b9741854a9",
"status": "affected",
"versionType": "git"
}
]
},
{
"product": "Linux",
"vendor": "Linux",
"defaultStatus": "affected",
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"programFiles": [
"drivers/net/ethernet/broadcom/bnxt/bnxt_hwrm.c"
],
"versions": [
{
"version": "5.17",
"status": "affected"
},
{
"version": "0",
"lessThan": "5.17",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.1.95",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.35",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9.6",
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.10",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
]
}
]Related
redhatcve
redhatcve
CVE-2024-40919
2024-07-16 15:55:44
osv
osv
CVE-2024-40919
2024-07-12 13:15:00
linux - security update
2024-07-16 00:00:00
linux-nvidia, linux-nvidia-lowlatency vulnerabilities
2024-09-12 13:47:54
debiancve
debiancve
CVE-2024-40919
2024-07-12 13:15:14
nvd
nvd
CVE-2024-40919
2024-07-12 13:15:14
ubuntucve
ubuntucve
CVE-2024-40919
2024-07-12 00:00:00
vulnrichment
vulnrichment
cve
cve
CVE-2024-40919
2024-07-12 13:15:14
openvas
openvas
Debian: Security Advisory (DSA-5731-1)
2024-07-17 00:00:00
Ubuntu: Security Advisory (USN-7005-2)
2024-09-16 00:00:00
Ubuntu: Security Advisory (USN-7005-1)
2024-09-13 00:00:00
nessus
nessus
Debian dsa-5731 : affs-modules-6.1.0-21-4kc-malta-di - security update
2024-07-16 00:00:00
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:2802-1)
2024-08-08 00:00:00
Ubuntu 22.04 LTS : Linux kernel vulnerabilities (USN-7005-2)
2024-09-13 00:00:00