vulnerability

Oracle Linux: CVE-2024-40939: ELSA-2024-5928: kernel security update (IMPORTANT) (Multiple Advisories)

Severity
4
CVSS
(AV:L/AC:L/Au:M/C:N/I:N/A:C)
Published
Jul 12, 2024
Added
Oct 16, 2024
Modified
Feb 18, 2025

Description

In the Linux kernel, the following vulnerability has been resolved:
net: wwan: iosm: Fix tainted pointer delete is case of region creation fail
In case of region creation fail in ipc_devlink_create_region(), previously
created regions delete process starts from tainted pointer which actually
holds error code value.
Fix this bug by decreasing region index before delete.
Found by Linux Verification Center (linuxtesting.org) with SVACE.

Solution(s)

oracle-linux-upgrade-kerneloracle-linux-upgrade-kernel-uek
Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.