CVE-2024-40999

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue concerns the validation of completion descriptors consistency in the Linux kernel. Specifically, it involves checking that the first flag is set only for the first descriptor in multi-buffer packets. If an invalid descriptor is encountered, a reset will occur, and a new reset reason for RX data corruption has been added.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-99

Related Identifiers

AZL-62592

AZL-68252

BDU:2026-01445

CVE-2024-40999

ECHO-0A20-1F92-2ADA

OESA-2024-1961

OESA-2024-1962

OESA-2024-1964

OESA-2024-2296

OPENSUSE-SU-2024_2947-1

SUSE-SU-2024:2802-1

SUSE-SU-2024:2892-1

SUSE-SU-2024:2894-1

SUSE-SU-2024:2896-1

SUSE-SU-2024:2901-1

SUSE-SU-2024:2939-1

SUSE-SU-2024:2940-1

SUSE-SU-2024:2947-1

SUSE-SU-2024:2973-1

SUSE-SU-2025:20008-1

SUSE-SU-2025:20028-1

USN-6999-1

USN-6999-2

USN-7004-1

USN-7005-1

USN-7005-2

USN-7008-1

USN-7029-1

Affected Products

Debian

Linuxmint

Linux Kernel

Suse

Ubuntu

CVE-2024-40999

Weakness Enumeration

Related Identifiers

Affected Products

References · 3119