vulnerability

Debian: CVE-2024-40941: linux, linux-6.1 -- security update

Try Surface Command

Back to search

Severity

CVSS

(AV:L/AC:L/Au:S/C:N/I:N/A:C)

Published

Jul 12, 2024

Added

Jul 17, 2024

Modified

Mar 30, 2026

Description

In the Linux kernel, the following vulnerability has been resolved:

wifi: iwlwifi: mvm: don't read past the mfuart notifcation

In case the firmware sends a notification that claims it has more data
than it has, we will read past that was allocated for the notification.
Remove the print of the buffer, we won't see it by default. If needed,
we can see the content with tracing.

This was reported by KFENCE.

Solutions

debian-upgrade-linuxdebian-upgrade-linux-6-1

References

CVE-2024-40941
https://attackerkb.com/topics/CVE-2024-40941
DEBIAN-DSA-5730-1
EUVD-EUVD-2024-38829
https://euvd.enisa.europa.eu/vulnerability/EUVD-2024-38829

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report