PT-2024-6941 · Linux+10 · Linux Kernel+10

Shay Drory

·

Published

2024-06-05

·

Updated

2025-09-29

·

CVE-2024-40906

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.7.0-68.fc38.x86 64
Description The vulnerability is related to the net/mlx5 driver in the Linux kernel. If the teardown hca function fails during driver removal, the health timer is not stopped, which can lead to a Use-After-Free (UAF) bug. This bug results in a page fault, as the health timer invokes after resources have been freed. The issue is resolved by stopping the health monitor even if teardown hca fails.
Recommendations To resolve the issue, update the Linux kernel to a version that includes the fix for this vulnerability. Specifically, update to a version later than 6.7.0-68.fc38.x86 64. As a temporary workaround, consider disabling the health timer during driver removal to prevent the UAF bug. However, this is not a permanent solution and updating the kernel is the recommended course of action.

Exploit

Fix

Use After Free

Double Free

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-416CWE-415

Related Identifiers

ALSA-2025:8056
ALSA-2025:8057
ALSA-2025_12746
ALSA-2025_12752
ALSA-2025_12753
ALSA-2025_16880
ALT-PU-2024-13979
ALT-PU-2024-14046
BDU:2024-08165
CESA-2025_8056
CESA-2025_8057
CVE-2024-40906
DLA-4008-1
DSA-5731-1
INFSA-2024_9315
INFSA-2025_8056
INFSA-2025_8057
OESA-2024-1960
OPENSUSE-SU-2024_2947-1
RHSA-2024:9315
RHSA-2024_9315
RHSA-2025:8056
RHSA-2025:8057
RHSA-2025_8056
RHSA-2025_8057
SUSE-SU-2024:2802-1
SUSE-SU-2024:2894-1
SUSE-SU-2024:2896-1
SUSE-SU-2024:2939-1
SUSE-SU-2024:2947-1
SUSE-SU-2024:2973-1
SUSE-SU-2025:20008-1
SUSE-SU-2025:20028-1
USN-6999-1
USN-6999-2
USN-7004-1
USN-7005-1
USN-7005-2
USN-7008-1
USN-7029-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Linuxmint
Linux Kernel
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu