PT-2024-29155 · Linux+7 · Linux Kernel+7

Published

2024-06-04

Updated

2025-09-29

CVE-2024-40939

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue is related to a tainted pointer delete in the case of region creation failure in the ipc devlink create region() function. When region creation fails, the delete process for previously created regions starts from a tainted pointer that holds an error code value. This bug has been fixed by decreasing the region index before deletion. The Linux Verification Center (linuxtesting.org) with SVACE found this issue.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Use After Free

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416CWE-20

Related Identifiers

ALSA-2024:5928

ALSA-2025_16880

BDU:2025-03400

CVE-2024-40939

DLA-4008-1

DSA-5731-1

INFSA-2024_5928

OESA-2024-2076

RHSA-2024:5928

RHSA-2024_5928

SUSE-SU-2024:3194-1

SUSE-SU-2024:3195-1

SUSE-SU-2024:3383-1

SUSE-SU-2025:20044-1

SUSE-SU-2025:20047-1

USN-6999-1

USN-6999-2

USN-7004-1

USN-7005-1

USN-7005-2

USN-7008-1

USN-7029-1

Affected Products

Almalinux

Astra Linux

Linuxmint

Linux Kernel

Red Hat

Red Os

Suse

Ubuntu

PT-2024-29155 · Linux+7 · Linux Kernel+7

CVE-2024-40939

Weakness Enumeration

Related Identifiers

Affected Products

References · 1389