{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-40919", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-07-12T12:17:45.582Z", "datePublished": "2024-07-12T12:25:01.521Z", "dateUpdated": "2024-12-19T09:08:11.670Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-12-19T09:08:11.670Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbnxt_en: Adjust logging of firmware messages in case of released token in __hwrm_send()\n\nIn case of token is released due to token->state == BNXT_HWRM_DEFERRED,\nreleased token (set to NULL) is used in log messages. This issue is\nexpected to be prevented by HWRM_ERR_CODE_PF_UNAVAILABLE error code. But\nthis error code is returned by recent firmware. So some firmware may not\nreturn it. This may lead to NULL pointer dereference.\nAdjust this issue by adding token pointer check.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/ethernet/broadcom/bnxt/bnxt_hwrm.c"], "versions": [{"version": "8fa4219dba8e621aa1e78dfa7eeab10f55acb3c0", "lessThan": "cde177fa235cd36f981012504a6376315bac03c9", "status": "affected", "versionType": "git"}, {"version": "8fa4219dba8e621aa1e78dfa7eeab10f55acb3c0", "lessThan": "ca6660c956242623b4cfe9be2a1abc67907c44bf", "status": "affected", "versionType": "git"}, {"version": "8fa4219dba8e621aa1e78dfa7eeab10f55acb3c0", "lessThan": "8b65eaeae88d4e9f999e806e196dd887b90bfed9", "status": "affected", "versionType": "git"}, {"version": "8fa4219dba8e621aa1e78dfa7eeab10f55acb3c0", "lessThan": "a9b9741854a9fe9df948af49ca5514e0ed0429df", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/ethernet/broadcom/bnxt/bnxt_hwrm.c"], "versions": [{"version": "5.17", "status": "affected"}, {"version": "0", "lessThan": "5.17", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.95", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.35", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.9.6", "lessThanOrEqual": "6.9.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.10", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/cde177fa235cd36f981012504a6376315bac03c9"}, {"url": "https://git.kernel.org/stable/c/ca6660c956242623b4cfe9be2a1abc67907c44bf"}, {"url": "https://git.kernel.org/stable/c/8b65eaeae88d4e9f999e806e196dd887b90bfed9"}, {"url": "https://git.kernel.org/stable/c/a9b9741854a9fe9df948af49ca5514e0ed0429df"}], "title": "bnxt_en: Adjust logging of firmware messages in case of released token in __hwrm_send()", "x_generator": {"engine": "bippy-5f407fcff5a0"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:39:55.976Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/cde177fa235cd36f981012504a6376315bac03c9", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/ca6660c956242623b4cfe9be2a1abc67907c44bf", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/8b65eaeae88d4e9f999e806e196dd887b90bfed9", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/a9b9741854a9fe9df948af49ca5514e0ed0429df", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-40919", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T17:05:36.863787Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T17:33:03.738Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/cde177fa235cd36f981012504a6376315bac03c9", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/ca6660c956242623b4cfe9be2a1abc67907c44bf", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/8b65eaeae88d4e9f999e806e196dd887b90bfed9", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/a9b9741854a9fe9df948af49ca5514e0ed0429df", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:39:55.976Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-40919", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T17:05:36.863787Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T12:42:14.313Z"}}], "cna": {"title": "bnxt_en: Adjust logging of firmware messages in case of released token in __hwrm_send()", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "8fa4219dba8e", "lessThan": "cde177fa235c", "versionType": "git"}, {"status": "affected", "version": "8fa4219dba8e", "lessThan": "ca6660c95624", "versionType": "git"}, {"status": "affected", "version": "8fa4219dba8e", "lessThan": "8b65eaeae88d", "versionType": "git"}, {"status": "affected", "version": "8fa4219dba8e", "lessThan": "a9b9741854a9", "versionType": "git"}], "programFiles": ["drivers/net/ethernet/broadcom/bnxt/bnxt_hwrm.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "5.17"}, {"status": "unaffected", "version": "0", "lessThan": "5.17", "versionType": "semver"}, {"status": "unaffected", "version": "6.1.95", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.35", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.9.6", "versionType": "semver", "lessThanOrEqual": "6.9.*"}, {"status": "unaffected", "version": "6.10", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/net/ethernet/broadcom/bnxt/bnxt_hwrm.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/cde177fa235cd36f981012504a6376315bac03c9"}, {"url": "https://git.kernel.org/stable/c/ca6660c956242623b4cfe9be2a1abc67907c44bf"}, {"url": "https://git.kernel.org/stable/c/8b65eaeae88d4e9f999e806e196dd887b90bfed9"}, {"url": "https://git.kernel.org/stable/c/a9b9741854a9fe9df948af49ca5514e0ed0429df"}], "x_generator": {"engine": "bippy-9e1c9544281a"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbnxt_en: Adjust logging of firmware messages in case of released token in __hwrm_send()\n\nIn case of token is released due to token->state == BNXT_HWRM_DEFERRED,\nreleased token (set to NULL) is used in log messages. This issue is\nexpected to be prevented by HWRM_ERR_CODE_PF_UNAVAILABLE error code. But\nthis error code is returned by recent firmware. So some firmware may not\nreturn it. This may lead to NULL pointer dereference.\nAdjust this issue by adding token pointer check.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-05T09:33:09.166Z"}}}, "cveMetadata": {"cveId": "CVE-2024-40919", "state": "PUBLISHED", "dateUpdated": "2024-11-05T09:33:09.166Z", "dateReserved": "2024-07-12T12:17:45.582Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-07-12T12:25:01.521Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "0FAC49F6-16CE-40F7-AA67-AB3C45F109F1", "versionEndExcluding": "6.1.95", "versionStartIncluding": "5.17", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "6F019D15-84C0-416B-8C57-7F51B68992F0", "versionEndExcluding": "6.6.35", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "0ABBBA1D-F79D-4BDB-AA41-D1EDCC4A6975", "versionEndExcluding": "6.9.6", "versionStartIncluding": "6.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc1:*:*:*:*:*:*", "matchCriteriaId": "2EBB4392-5FA6-4DA9-9772-8F9C750109FA", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc2:*:*:*:*:*:*", "matchCriteriaId": "331C2F14-12C7-45D5-893D-8C52EE38EA10", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc3:*:*:*:*:*:*", "matchCriteriaId": "3173713D-909A-4DD3-9DD4-1E171EB057EE", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbnxt_en: Adjust logging of firmware messages in case of released token in __hwrm_send()\n\nIn case of token is released due to token->state == BNXT_HWRM_DEFERRED,\nreleased token (set to NULL) is used in log messages. This issue is\nexpected to be prevented by HWRM_ERR_CODE_PF_UNAVAILABLE error code. But\nthis error code is returned by recent firmware. So some firmware may not\nreturn it. This may lead to NULL pointer dereference.\nAdjust this issue by adding token pointer check.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: bnxt_en: Ajusta el registro de mensajes de firmware en caso de token liberado en __hwrm_send() En caso de que el token se libere debido al token->estado == BNXT_HWRM_DEFERRED, token liberado (establecido en NULL ) se utiliza en mensajes de registro. Se espera que este problema se evite mediante el c\u00f3digo de error HWRM_ERR_CODE_PF_UNAVAILABLE. Pero este c\u00f3digo de error lo devuelve un firmware reciente. Por lo tanto, es posible que algunos firmware no lo devuelvan. Esto puede provocar una desreferencia del puntero NULL. Ajuste este problema agregando una verificaci\u00f3n del puntero del token. Encontrado por el Centro de verificaci\u00f3n de Linux (linuxtesting.org) con SVACE."}], "id": "CVE-2024-40919", "lastModified": "2025-02-03T15:36:50.240", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-07-12T13:15:14.937", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/8b65eaeae88d4e9f999e806e196dd887b90bfed9"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/a9b9741854a9fe9df948af49ca5514e0ed0429df"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/ca6660c956242623b4cfe9be2a1abc67907c44bf"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/cde177fa235cd36f981012504a6376315bac03c9"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/8b65eaeae88d4e9f999e806e196dd887b90bfed9"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/a9b9741854a9fe9df948af49ca5514e0ed0429df"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/ca6660c956242623b4cfe9be2a1abc67907c44bf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/cde177fa235cd36f981012504a6376315bac03c9"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2024:9315", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-503.11.1.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-11-12T00:00:00Z"}, {"advisory": "RHSA-2024:9315", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-503.11.1.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-11-12T00:00:00Z"}], "bugzilla": {"description": "kernel: bnxt_en: Adjust logging of firmware messages in case of released token in __hwrm_send()", "id": "2297503", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2297503"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.4", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-476", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nbnxt_en: Adjust logging of firmware messages in case of released token in __hwrm_send()\nIn case of token is released due to token->state == BNXT_HWRM_DEFERRED,\nreleased token (set to NULL) is used in log messages. This issue is\nexpected to be prevented by HWRM_ERR_CODE_PF_UNAVAILABLE error code. But\nthis error code is returned by recent firmware. So some firmware may not\nreturn it. This may lead to NULL pointer dereference.\nAdjust this issue by adding token pointer check.\nFound by Linux Verification Center (linuxtesting.org) with SVACE."], "name": "CVE-2024-40919", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-07-12T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-40919\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-40919\nhttps://lore.kernel.org/linux-cve-announce/2024071212-CVE-2024-40919-2997@gregkh/T"], "threat_severity": "Low", "upstream_fix": "kernel 6.1.95, kernel 6.6.35, kernel 6.9.6, kernel 6.10-rc4"}