PT-2024-29183 · Linux+4 · Linux Kernel+4

Published

2024-03-20

Updated

2025-09-17

CVE-2024-40968

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue is related to the MIPS: Octeon component of the Linux kernel. It involves the standard PCIe configuration read-write interface used to access the configuration space of peripheral PCIe devices after a PCIe link surprise down, which can generate a kernel panic caused by a "Data bus error". To protect the system, a PCIe link status check is necessary. When the PCIe link is down or in training, assigning a value of 0 to the configuration address can prevent read-write behavior to the configuration space of peripheral PCIe devices, thereby preventing kernel panic.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Check for Exceptional Conditions

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-754CWE-20CWE-99

Related Identifiers

BDU:2025-02074

CVE-2024-40968

DLA-4008-1

DSA-5730-1

DSA-5731-1

OESA-2024-1894

OESA-2024-1895

OESA-2024-1896

OESA-2024-1897

USN-6999-1

USN-6999-2

USN-7003-1

USN-7003-2

USN-7003-3

USN-7003-4

USN-7003-5

USN-7004-1

USN-7005-1

USN-7005-2

USN-7006-1

USN-7007-1

USN-7007-2

USN-7007-3

USN-7008-1

USN-7009-1

USN-7009-2

USN-7019-1

USN-7029-1

Affected Products

Astra Linux

Linuxmint

Linux Kernel

Red Os

Ubuntu

PT-2024-29183 · Linux+4 · Linux Kernel+4

CVE-2024-40968

Weakness Enumeration

Related Identifiers

Affected Products

References · 698