CVE-2024-40942: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: mesh: Fix leak of mesh_preq_queue objects The hwmp code use objects of type mesh_preq_queue, added to a list in ieee80211_if_mesh, to keep track of mpath we need to resolve. If the mpath gets deleted, ex mesh interface is removed, the entries in that list will never get cleaned. Fix this by flushing all corresponding items of the preq_queue in mesh_path_flush_pending(). This should take care of KASAN reports like this: unreferenced object 0xffff00000668d800 (size 128): comm "kworker/u8:4", pid 67, jiffies 4295419552 (age 1836.444s) hex dump (first 32 bytes): 00 1f 05 09 00 00 ff ff 00 d5 68 06 00 00 ff ff ..........h..... 8e 97 ea eb 3e b8 01 00 00 00 00 00 00 00 00 00 ....>........... backtrace: [<000000007302a0b6>] __kmem_cache_alloc_node+0x1e0/0x35c [<00000000049bd418>] kmalloc_trace+0x34/0x80 [<0000000000d792bb>] mesh_queue_preq+0x44/0x2a8 [<00000000c99c3696>] mesh_nexthop_resolve+0x198/0x19c [<00000000926bf598>] ieee80211_xmit+0x1d0/0x1f4 [<00000000fc8c2284>] __ieee80211_subif_start_xmit+0x30c/0x764 [<000000005926ee38>] ieee80211_subif_start_xmit+0x9c/0x7a4 [<000000004c86e916>] dev_hard_start_xmit+0x174/0x440 [<0000000023495647>] __dev_queue_xmit+0xe24/0x111c [<00000000cfe9ca78>] batadv_send_skb_packet+0x180/0x1e4 [<000000007bacc5d5>] batadv_v_elp_periodic_work+0x2f4/0x508 [<00000000adc3cd94>] process_one_work+0x4b8/0xa1c [<00000000b36425d1>] worker_thread+0x9c/0x634 [<0000000005852dd5>] kthread+0x1bc/0x1c4 [<000000005fccd770>] ret_from_fork+0x10/0x20 unreferenced object 0xffff000009051f00 (size 128): comm "kworker/u8:4", pid 67, jiffies 4295419553 (age 1836.440s) hex dump (first 32 bytes): 90 d6 92 0d 00 00 ff ff 00 d8 68 06 00 00 ff ff ..........h..... 36 27 92 e4 02 e0 01 00 00 58 79 06 00 00 ff ff 6'.......Xy..... backtrace: [<000000007302a0b6>] __kmem_cache_alloc_node+0x1e0/0x35c [<00000000049bd418>] kmalloc_trace+0x34/0x80 [<0000000000d792bb>] mesh_queue_preq+0x44/0x2a8 [<00000000c99c3696>] mesh_nexthop_resolve+0x198/0x19c [<00000000926bf598>] ieee80211_xmit+0x1d0/0x1f4 [<00000000fc8c2284>] __ieee80211_subif_start_xmit+0x30c/0x764 [<000000005926ee38>] ieee80211_subif_start_xmit+0x9c/0x7a4 [<000000004c86e916>] dev_hard_start_xmit+0x174/0x440 [<0000000023495647>] __dev_queue_xmit+0xe24/0x111c [<00000000cfe9ca78>] batadv_send_skb_packet+0x180/0x1e4 [<000000007bacc5d5>] batadv_v_elp_periodic_work+0x2f4/0x508 [<00000000adc3cd94>] process_one_work+0x4b8/0xa1c [<00000000b36425d1>] worker_thread+0x9c/0x634 [<0000000005852dd5>] kthread+0x1bc/0x1c4 [<000000005fccd770>] ret_from_fork+0x10/0x20
AI Analysis
Technical Summary
CVE-2024-40942 is a vulnerability identified in the Linux kernel's mac80211 wireless subsystem, specifically within the mesh networking (mesh) code. The issue involves a memory leak of mesh_preq_queue objects, which are used by the HWMP (Hybrid Wireless Mesh Protocol) code to track mesh path resolutions. When a mesh path (mpath) is deleted, such as when a mesh interface is removed, the entries in the mesh_preq_queue list are not properly cleaned up, leading to a leak of these objects. This leak was detected through Kernel Address Sanitizer (KASAN) reports showing unreferenced objects remaining allocated for extended periods. The root cause is that the mesh_path_flush_pending() function did not flush all corresponding mesh_preq_queue items when paths were deleted. The fix involves ensuring that all pending mesh_preq_queue entries are flushed appropriately during mesh path cleanup, preventing the memory leak. While the vulnerability does not appear to allow direct code execution or privilege escalation, the leak could degrade system stability over time, especially on systems heavily utilizing mesh networking features. The vulnerability affects Linux kernel versions identified by the commit hash 050ac52cbe1f3de2fb0d06f02c7919ae1f691c9e and similar builds. No known exploits are reported in the wild as of the publication date (July 12, 2024), and no CVSS score has been assigned yet.
Potential Impact
For European organizations, the impact of CVE-2024-40942 is primarily related to system reliability and availability rather than direct compromise of confidentiality or integrity. Organizations deploying Linux-based systems with mesh networking enabled—such as in wireless infrastructure, IoT deployments, or advanced networking environments—may experience gradual memory leaks leading to resource exhaustion, degraded performance, or system crashes. This could affect critical infrastructure, enterprise wireless networks, or service provider equipment relying on Linux mesh networking. Although exploitation does not appear straightforward and requires specific mesh configurations, the vulnerability could be leveraged in targeted denial-of-service scenarios or to destabilize network nodes. European entities with extensive Linux deployments in telecommunications, public safety networks, or smart city infrastructure should be particularly aware. The leak does not require user interaction or elevated privileges to manifest but depends on mesh networking usage, which is less common in typical desktop or server environments but more prevalent in specialized wireless deployments.
Mitigation Recommendations
To mitigate CVE-2024-40942, European organizations should: 1) Apply the latest Linux kernel patches that include the fix for this vulnerability as soon as they become available from their Linux distribution vendors or upstream kernel sources. 2) Audit and monitor systems using mesh networking features to identify any abnormal memory usage or kernel warnings related to mesh_preq_queue objects. 3) Where mesh networking is not required, disable the mac80211 mesh functionality to reduce the attack surface. 4) For critical infrastructure using mesh networks, implement proactive system resource monitoring and automated remediation to restart affected services or nodes before memory exhaustion impacts availability. 5) Engage with hardware and software vendors to ensure timely updates and validate that embedded Linux devices are patched. 6) Incorporate this vulnerability into vulnerability management and patching workflows, prioritizing systems with mesh networking enabled. 7) Consider network segmentation to isolate mesh-enabled devices from sensitive network segments to limit potential impact.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Norway, Denmark, Belgium, Italy
CVE-2024-40942: Vulnerability in Linux Linux
Description
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: mesh: Fix leak of mesh_preq_queue objects The hwmp code use objects of type mesh_preq_queue, added to a list in ieee80211_if_mesh, to keep track of mpath we need to resolve. If the mpath gets deleted, ex mesh interface is removed, the entries in that list will never get cleaned. Fix this by flushing all corresponding items of the preq_queue in mesh_path_flush_pending(). This should take care of KASAN reports like this: unreferenced object 0xffff00000668d800 (size 128): comm "kworker/u8:4", pid 67, jiffies 4295419552 (age 1836.444s) hex dump (first 32 bytes): 00 1f 05 09 00 00 ff ff 00 d5 68 06 00 00 ff ff ..........h..... 8e 97 ea eb 3e b8 01 00 00 00 00 00 00 00 00 00 ....>........... backtrace: [<000000007302a0b6>] __kmem_cache_alloc_node+0x1e0/0x35c [<00000000049bd418>] kmalloc_trace+0x34/0x80 [<0000000000d792bb>] mesh_queue_preq+0x44/0x2a8 [<00000000c99c3696>] mesh_nexthop_resolve+0x198/0x19c [<00000000926bf598>] ieee80211_xmit+0x1d0/0x1f4 [<00000000fc8c2284>] __ieee80211_subif_start_xmit+0x30c/0x764 [<000000005926ee38>] ieee80211_subif_start_xmit+0x9c/0x7a4 [<000000004c86e916>] dev_hard_start_xmit+0x174/0x440 [<0000000023495647>] __dev_queue_xmit+0xe24/0x111c [<00000000cfe9ca78>] batadv_send_skb_packet+0x180/0x1e4 [<000000007bacc5d5>] batadv_v_elp_periodic_work+0x2f4/0x508 [<00000000adc3cd94>] process_one_work+0x4b8/0xa1c [<00000000b36425d1>] worker_thread+0x9c/0x634 [<0000000005852dd5>] kthread+0x1bc/0x1c4 [<000000005fccd770>] ret_from_fork+0x10/0x20 unreferenced object 0xffff000009051f00 (size 128): comm "kworker/u8:4", pid 67, jiffies 4295419553 (age 1836.440s) hex dump (first 32 bytes): 90 d6 92 0d 00 00 ff ff 00 d8 68 06 00 00 ff ff ..........h..... 36 27 92 e4 02 e0 01 00 00 58 79 06 00 00 ff ff 6'.......Xy..... backtrace: [<000000007302a0b6>] __kmem_cache_alloc_node+0x1e0/0x35c [<00000000049bd418>] kmalloc_trace+0x34/0x80 [<0000000000d792bb>] mesh_queue_preq+0x44/0x2a8 [<00000000c99c3696>] mesh_nexthop_resolve+0x198/0x19c [<00000000926bf598>] ieee80211_xmit+0x1d0/0x1f4 [<00000000fc8c2284>] __ieee80211_subif_start_xmit+0x30c/0x764 [<000000005926ee38>] ieee80211_subif_start_xmit+0x9c/0x7a4 [<000000004c86e916>] dev_hard_start_xmit+0x174/0x440 [<0000000023495647>] __dev_queue_xmit+0xe24/0x111c [<00000000cfe9ca78>] batadv_send_skb_packet+0x180/0x1e4 [<000000007bacc5d5>] batadv_v_elp_periodic_work+0x2f4/0x508 [<00000000adc3cd94>] process_one_work+0x4b8/0xa1c [<00000000b36425d1>] worker_thread+0x9c/0x634 [<0000000005852dd5>] kthread+0x1bc/0x1c4 [<000000005fccd770>] ret_from_fork+0x10/0x20
AI-Powered Analysis
Technical Analysis
CVE-2024-40942 is a vulnerability identified in the Linux kernel's mac80211 wireless subsystem, specifically within the mesh networking (mesh) code. The issue involves a memory leak of mesh_preq_queue objects, which are used by the HWMP (Hybrid Wireless Mesh Protocol) code to track mesh path resolutions. When a mesh path (mpath) is deleted, such as when a mesh interface is removed, the entries in the mesh_preq_queue list are not properly cleaned up, leading to a leak of these objects. This leak was detected through Kernel Address Sanitizer (KASAN) reports showing unreferenced objects remaining allocated for extended periods. The root cause is that the mesh_path_flush_pending() function did not flush all corresponding mesh_preq_queue items when paths were deleted. The fix involves ensuring that all pending mesh_preq_queue entries are flushed appropriately during mesh path cleanup, preventing the memory leak. While the vulnerability does not appear to allow direct code execution or privilege escalation, the leak could degrade system stability over time, especially on systems heavily utilizing mesh networking features. The vulnerability affects Linux kernel versions identified by the commit hash 050ac52cbe1f3de2fb0d06f02c7919ae1f691c9e and similar builds. No known exploits are reported in the wild as of the publication date (July 12, 2024), and no CVSS score has been assigned yet.
Potential Impact
For European organizations, the impact of CVE-2024-40942 is primarily related to system reliability and availability rather than direct compromise of confidentiality or integrity. Organizations deploying Linux-based systems with mesh networking enabled—such as in wireless infrastructure, IoT deployments, or advanced networking environments—may experience gradual memory leaks leading to resource exhaustion, degraded performance, or system crashes. This could affect critical infrastructure, enterprise wireless networks, or service provider equipment relying on Linux mesh networking. Although exploitation does not appear straightforward and requires specific mesh configurations, the vulnerability could be leveraged in targeted denial-of-service scenarios or to destabilize network nodes. European entities with extensive Linux deployments in telecommunications, public safety networks, or smart city infrastructure should be particularly aware. The leak does not require user interaction or elevated privileges to manifest but depends on mesh networking usage, which is less common in typical desktop or server environments but more prevalent in specialized wireless deployments.
Mitigation Recommendations
To mitigate CVE-2024-40942, European organizations should: 1) Apply the latest Linux kernel patches that include the fix for this vulnerability as soon as they become available from their Linux distribution vendors or upstream kernel sources. 2) Audit and monitor systems using mesh networking features to identify any abnormal memory usage or kernel warnings related to mesh_preq_queue objects. 3) Where mesh networking is not required, disable the mac80211 mesh functionality to reduce the attack surface. 4) For critical infrastructure using mesh networks, implement proactive system resource monitoring and automated remediation to restart affected services or nodes before memory exhaustion impacts availability. 5) Engage with hardware and software vendors to ensure timely updates and validate that embedded Linux devices are patched. 6) Incorporate this vulnerability into vulnerability management and patching workflows, prioritizing systems with mesh networking enabled. 7) Consider network segmentation to isolate mesh-enabled devices from sensitive network segments to limit potential impact.
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- Linux
- Date Reserved
- 2024-07-12T12:17:45.587Z
- Cisa Enriched
- true
- Cvss Version
- null
- State
- PUBLISHED
Threat ID: 682d9827c4522896dcbe143a
Added to database: 5/21/2025, 9:08:55 AM
Last enriched: 6/29/2025, 2:26:24 AM
Last updated: 8/3/2025, 12:37:10 AM
Views: 14
Related Threats
CVE-2025-8510: Cross Site Scripting in Portabilis i-Educar
MediumCVE-2025-8509: Cross Site Scripting in Portabilis i-Educar
MediumCVE-2025-8508: Cross Site Scripting in Portabilis i-Educar
MediumCVE-2025-8507: Cross Site Scripting in Portabilis i-Educar
MediumCVE-2025-8506: Cross Site Scripting in 495300897 wx-shop
MediumActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.