PT-2024-10501 · Linux+6 · Linux Kernel+6
Published: 2024-03-31 · Updated: 2025-09-29
CVE-2024-40981
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 6.8.0-rc7-syzkaller-g707081b61156
Description
The vulnerability is related to the batman-adv component in the Linux kernel, which is prone to soft lockups due to incorrect handling of empty buckets in the batadv_purge_orig_ref() function. This issue can cause the CPU to become stuck for an extended period, leading to a denial-of-service (DoS) condition. The root cause of the problem is unknown, but the patch aims to avoid spending too much time in the affected function and potentially gather more interesting reports.
Recommendations
To resolve this issue, update the Linux kernel to a version that includes the fix for the batman-adv vulnerability. Specifically, versions 6.8.0-rc7-syzkaller-g707081b61156 and later should include the necessary patch. If updating is not feasible, consider disabling the batman-adv component or restricting its use to minimize the risk of exploitation.
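For the fallback of disabling batman-adv, the following shell check is an added example, not part of the advisory or of any vendor tooling. It reports whether the module is loaded and whether modprobe configuration actually blocks loading it. The function names and the sample files are constructed for illustration; the defaults assume the usual /proc/modules and /etc/modprobe.d locations.

```shell
#!/bin/sh
# Added example: is batman-adv loaded, and would modprobe refuse to load it?
# Function names are hypothetical; paths are parameters so saved copies can be checked.

# Exit 0 if batman_adv is listed in a /proc/modules-format file (default: the live one).
batadv_loaded() {
    awk '$1 == "batman_adv" { found = 1 } END { exit (found ? 0 : 1) }' "${1:-/proc/modules}"
}

# Classify modprobe.d policy: install-blocked | blacklist-only | unrestricted.
# A "blacklist" line only stops alias-based autoloading; an "install" override
# pointing at /bin/false or /bin/true also stops explicit modprobe requests.
batadv_policy() {
    cat "${1:-/etc/modprobe.d}"/*.conf 2>/dev/null | awk '
        /^[ \t]*#/ { next }                          # skip comment lines
        { name = $2; gsub(/-/, "_", name) }          # modprobe treats - and _ alike
        name != "batman_adv" { next }
        $1 == "install" && $3 ~ /(^|\/)(false|true)$/ { p = 2 }
        $1 == "blacklist" && p < 1 { p = 1 }
        END { print (p == 2 ? "install-blocked" : (p == 1 ? "blacklist-only" : "unrestricted")) }'
}

# One-line verdict: batadv_exposure [modules-file] [modprobe.d-dir]
batadv_exposure() {
    policy=$(batadv_policy "$2")
    if batadv_loaded "$1"; then
        echo "loaded policy=$policy"
    else
        echo "not-loaded policy=$policy"
    fi
}

# Constructed sample data so the example runs offline.
sample=$(mktemp -d)
printf '%s\n' 'batman_adv 286720 0 - Live 0x0000000000000000' \
              'libcrc32c 16384 1 batman_adv, Live 0x0000000000000000' > "$sample/modules"
mkdir "$sample/modprobe.d"
printf '%s\n' '# constructed config' 'blacklist batman-adv' > "$sample/modprobe.d/batadv.conf"

batadv_exposure "$sample/modules" "$sample/modprobe.d"
```

Calling `batadv_exposure` with no arguments checks the live host. A result of `loaded` with any policy means the module still has to be unloaded before the configuration takes effect.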
Exploit
Fix
Improper Locking
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Astra Linux
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu