ID

VAR-202407-1609


CVE

CVE-2024-40941


TITLE

Linux  of  Linux Kernel  Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2024-028748

DESCRIPTION

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: don't read past the mfuart notifcation In case the firmware sends a notification that claims it has more data than it has, we will read past that was allocated for the notification. Remove the print of the buffer, we won't see it by default. If needed, we can see the content with tracing. This was reported by KFENCE. Linux of Linux Kernel Exists in unspecified vulnerabilities.Service operation interruption (DoS) It may be in a state. The RUGGEDCOM RST2428P is a Layer 2 Ethernet switch based on SINEC OS with up to 28 non-blocking interfaces. SCALANCE X switches are used to connect industrial components such as programmable logic controllers (PLCs) and human-machine interfaces (HMIs). Multiple vulnerabilities exist in third-party components prior to SIEMENS SINEC OS V3.2. These vulnerabilities could be exploited to corrupt values, leading to undefined behavior or security issues. ========================================================================== Ubuntu Security Notice USN-7003-5 October 01, 2024 linux-raspi-5.4 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 18.04 LTS Summary: Several security issues were fixed in the Linux kernel. Software Description: - linux-raspi-5.4: Linux kernel for Raspberry Pi systems Details: It was discovered that the JFS file system contained an out-of-bounds read vulnerability when printing xattr debug information. A local attacker could use this to cause a denial of service (system crash). (CVE-2024-40902) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - MIPS architecture; - PowerPC architecture; - x86 architecture; - ACPI drivers; - Serial ATA and Parallel ATA drivers; - Drivers core; - GPIO subsystem; - GPU drivers; - Greybus drivers; - HID subsystem; - I2C subsystem; - IIO subsystem; - InfiniBand drivers; - Media drivers; - VMware VMCI Driver; - Network drivers; - Pin controllers subsystem; - S/390 drivers; - SCSI drivers; - USB subsystem; - JFFS2 file system; - JFS file system; - File systems infrastructure; - NILFS2 file system; - IOMMU subsystem; - Sun RPC protocol; - Netfilter; - Memory management; - B.A.T.M.A.N. meshing protocol; - CAN network layer; - Ceph Core library; - Networking core; - IPv4 networking; - IPv6 networking; - IUCV driver; - MAC80211 subsystem; - NET/ROM layer; - Network traffic control; - SoC Audio for Freescale CPUs drivers; (CVE-2024-40916, CVE-2024-41035, CVE-2024-39469, CVE-2024-39499, CVE-2024-36978, CVE-2024-42092, CVE-2024-42087, CVE-2024-42102, CVE-2024-40978, CVE-2024-40902, CVE-2024-36974, CVE-2024-42096, CVE-2024-40974, CVE-2024-40904, CVE-2024-40905, CVE-2024-42153, CVE-2024-42106, CVE-2024-42070, CVE-2024-41097, CVE-2024-42090, CVE-2024-42105, CVE-2024-42104, CVE-2024-39502, CVE-2024-41089, CVE-2024-40945, CVE-2024-38619, CVE-2024-40961, CVE-2024-42127, CVE-2024-39487, CVE-2024-40988, CVE-2024-41044, CVE-2024-42236, CVE-2024-40942, CVE-2024-39506, CVE-2024-39509, CVE-2024-39503, CVE-2024-40934, CVE-2024-40959, CVE-2024-42101, CVE-2024-40960, CVE-2024-40968, CVE-2024-41087, CVE-2023-52803, CVE-2024-40987, CVE-2024-40943, CVE-2024-42089, CVE-2023-52887, CVE-2024-37078, CVE-2024-42148, CVE-2024-36894, CVE-2024-42097, CVE-2024-41006, CVE-2024-40984, CVE-2024-40963, CVE-2024-42223, CVE-2024-40912, CVE-2024-42086, CVE-2024-41049, CVE-2024-42157, CVE-2024-41034, CVE-2024-42145, CVE-2024-42124, CVE-2024-40995, CVE-2024-42224, CVE-2024-40981, CVE-2024-41095, CVE-2024-40901, CVE-2024-42115, CVE-2024-41041, CVE-2024-41007, CVE-2024-39505, CVE-2024-40932, CVE-2024-39495, CVE-2024-40980, CVE-2024-42084, CVE-2024-41046, CVE-2024-42119, CVE-2024-42076, CVE-2024-42232, CVE-2024-39501, CVE-2024-40958, CVE-2024-40941, CVE-2024-42093, CVE-2024-42094, CVE-2024-42154) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 18.04 LTS linux-image-5.4.0-1116-raspi 5.4.0-1116.128~18.04.1 Available with Ubuntu Pro linux-image-raspi-hwe-18.04 5.4.0.1116.128~18.04.1 Available with Ubuntu Pro After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. References: https://ubuntu.com/security/notices/USN-7003-5 https://ubuntu.com/security/notices/USN-7003-4 https://ubuntu.com/security/notices/USN-7003-3 https://ubuntu.com/security/notices/USN-7003-2 https://ubuntu.com/security/notices/USN-7003-1 CVE-2023-52803, CVE-2023-52887, CVE-2024-36894, CVE-2024-36974, CVE-2024-36978, CVE-2024-37078, CVE-2024-38619, CVE-2024-39469, CVE-2024-39487, CVE-2024-39495, CVE-2024-39499, CVE-2024-39501, CVE-2024-39502, CVE-2024-39503, CVE-2024-39505, CVE-2024-39506, CVE-2024-39509, CVE-2024-40901, CVE-2024-40902, CVE-2024-40904, CVE-2024-40905, CVE-2024-40912, CVE-2024-40916, CVE-2024-40932, CVE-2024-40934, CVE-2024-40941, CVE-2024-40942, CVE-2024-40943, CVE-2024-40945, CVE-2024-40958, CVE-2024-40959, CVE-2024-40960, CVE-2024-40961, CVE-2024-40963, CVE-2024-40968, CVE-2024-40974, CVE-2024-40978, CVE-2024-40980, CVE-2024-40981, CVE-2024-40984, CVE-2024-40987, CVE-2024-40988, CVE-2024-40995, CVE-2024-41006, CVE-2024-41007, CVE-2024-41034, CVE-2024-41035, CVE-2024-41041, CVE-2024-41044, CVE-2024-41046, CVE-2024-41049, CVE-2024-41087, CVE-2024-41089, CVE-2024-41095, CVE-2024-41097, CVE-2024-42070, CVE-2024-42076, CVE-2024-42084, CVE-2024-42086, CVE-2024-42087, CVE-2024-42089, CVE-2024-42090, CVE-2024-42092, CVE-2024-42093, CVE-2024-42094, CVE-2024-42096, CVE-2024-42097, CVE-2024-42101, CVE-2024-42102, CVE-2024-42104, CVE-2024-42105, CVE-2024-42106, CVE-2024-42115, CVE-2024-42119, CVE-2024-42124, CVE-2024-42127, CVE-2024-42145, CVE-2024-42148, CVE-2024-42153, CVE-2024-42154, CVE-2024-42157, CVE-2024-42223, CVE-2024-42224, CVE-2024-42232, CVE-2024-42236

Trust: 2.43

sources: NVD: CVE-2024-40941 // JVNDB: JVNDB-2024-028748 // CNVD: CNVD-2025-19350 // PACKETSTORM: 181959 // PACKETSTORM: 182283 // PACKETSTORM: 182243

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-19350

AFFECTED PRODUCTS

vendor:linuxmodel:kernelscope:eqversion:6.10

Trust: 1.8

vendor:linuxmodel:kernelscope:gteversion:5.11

Trust: 1.0

vendor:linuxmodel:kernelscope:gteversion:4.20

Trust: 1.0

vendor:linuxmodel:kernelscope:ltversion:5.4.279

Trust: 1.0

vendor:linuxmodel:kernelscope:gteversion:5.5

Trust: 1.0

vendor:linuxmodel:kernelscope:ltversion:5.10.221

Trust: 1.0

vendor:linuxmodel:kernelscope:gteversion:6.2

Trust: 1.0

vendor:linuxmodel:kernelscope:ltversion:4.19.317

Trust: 1.0

vendor:linuxmodel:kernelscope:gteversion:5.16

Trust: 1.0

vendor:linuxmodel:kernelscope:ltversion:6.1.95

Trust: 1.0

vendor:linuxmodel:kernelscope:ltversion:6.6.35

Trust: 1.0

vendor:linuxmodel:kernelscope:ltversion:5.15.162

Trust: 1.0

vendor:linuxmodel:kernelscope:gteversion:6.7

Trust: 1.0

vendor:linuxmodel:kernelscope:ltversion:6.9.6

Trust: 1.0

vendor:linuxmodel:kernelscope:gteversion:4.12

Trust: 1.0

vendor:linuxmodel:kernelscope:eqversion:5.11 that's all 5.15.162

Trust: 0.8

vendor:linuxmodel:kernelscope:eqversion:5.16 that's all 6.1.95

Trust: 0.8

vendor:linuxmodel:kernelscope:eqversion: -

Trust: 0.8

vendor:linuxmodel:kernelscope:eqversion:6.7 that's all 6.9.6

Trust: 0.8

vendor:linuxmodel:kernelscope:eqversion:5.5 that's all 5.10.221

Trust: 0.8

vendor:linuxmodel:kernelscope:eqversion:4.12 that's all 4.19.317

Trust: 0.8

vendor:linuxmodel:kernelscope:eqversion:6.2 that's all 6.6.35

Trust: 0.8

vendor:linuxmodel:kernelscope:eqversion:4.20 that's all 5.4.279

Trust: 0.8

vendor:siemensmodel:ruggedcom rst2428pscope:ltversion:v3.2

Trust: 0.6

vendor:siemensmodel:scalance xc-300/xr-300/xc-400/xr-500wg/xr-500 familyscope:ltversion:v3.2

Trust: 0.6

vendor:siemensmodel:scalance xcm-/xrm-/xch-/xrh-300 familyscope:ltversion:v3.2

Trust: 0.6

sources: CNVD: CNVD-2025-19350 // JVNDB: JVNDB-2024-028748 // NVD: CVE-2024-40941

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2024-40941
value: MEDIUM

Trust: 1.0

NVD: CVE-2024-40941
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2025-19350
value: HIGH

Trust: 0.6

CNVD: CNVD-2025-19350
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2024-40941
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2024-40941
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-19350 // JVNDB: JVNDB-2024-028748 // NVD: CVE-2024-40941

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:Lack of information (CWE-noinfo) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2024-028748 // NVD: CVE-2024-40941

THREAT TYPE

local

Trust: 0.1

sources: PACKETSTORM: 181959

PATCH

title:Linux Kernel Archivesurl:https://git.kernel.org/stable/c/15b37c6fab9d5e40ac399fa1c725118588ed649c

Trust: 0.8

title:Patch for Multiple vulnerabilities exist in third-party components of SIEMENS SINEC OS V3.2 and earlierurl:https://www.cnvd.org.cn/patchInfo/show/723061

Trust: 0.6

sources: CNVD: CNVD-2025-19350 // JVNDB: JVNDB-2024-028748

EXTERNAL IDS

db:NVDid:CVE-2024-40941

Trust: 2.9

db:SIEMENSid:SSA-355557

Trust: 1.6

db:SIEMENSid:SSA-265688

Trust: 1.0

db:ICS CERTid:ICSA-25-226-07

Trust: 0.8

db:JVNid:JVNVU92169998

Trust: 0.8

db:JVNDBid:JVNDB-2024-028748

Trust: 0.8

db:CNVDid:CNVD-2025-19350

Trust: 0.6

db:PACKETSTORMid:181959

Trust: 0.1

db:PACKETSTORMid:182283

Trust: 0.1

db:PACKETSTORMid:182243

Trust: 0.1

sources: CNVD: CNVD-2025-19350 // PACKETSTORM: 181959 // PACKETSTORM: 182283 // PACKETSTORM: 182243 // JVNDB: JVNDB-2024-028748 // NVD: CVE-2024-40941

REFERENCES

url:https://cert-portal.siemens.com/productcert/html/ssa-355557.html

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2024-40941

Trust: 1.1

url:https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html

Trust: 1.0

url:https://git.kernel.org/stable/c/65686118845d427df27ee83a6ddd4885596b0805

Trust: 1.0

url:https://git.kernel.org/stable/c/acdfa33c3cf5e1cd185cc1e0486bd0ea9f09c154

Trust: 1.0

url:https://git.kernel.org/stable/c/a05018739a5e6b9dc112c95bd4c59904062c8940

Trust: 1.0

url:https://git.kernel.org/stable/c/46c59a25337049a2a230ce7f7c3b9f21d0aaaad7

Trust: 1.0

url:https://git.kernel.org/stable/c/15b37c6fab9d5e40ac399fa1c725118588ed649c

Trust: 1.0

url:https://git.kernel.org/stable/c/6532f18e66b384b8d4b7e5c9caca042faaa9e8de

Trust: 1.0

url:https://cert-portal.siemens.com/productcert/html/ssa-265688.html

Trust: 1.0

url:https://git.kernel.org/stable/c/a8bc8276af9aeacabb773f0c267cfcdb847c6f2d

Trust: 1.0

url:https://git.kernel.org/stable/c/4bb95f4535489ed830cf9b34b0a891e384d1aee4

Trust: 1.0

url:https://jvn.jp/vu/jvnvu92169998/

Trust: 0.8

url:https://www.cisa.gov/news-events/ics-advisories/icsa-25-226-07

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2024-39487

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2024-42089

Trust: 0.2

url:https://ubuntu.com/security/notices/usn-7069-1

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2024-27436

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2024-41073

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2024-42157

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2024-38630

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2024-26641

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2024-27051

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2024-31076

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2023-52510

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2024-38602

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2024-38611

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2024-26754

Trust: 0.2

url:https://ubuntu.com/security/notices/usn-7003-5

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2024-40902

Trust: 0.1

url:https://ubuntu.com/security/notices/usn-7003-4

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2024-39506

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2024-36894

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2024-39495

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2024-40904

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2024-40905

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2024-36978

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2024-39502

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-52803

Trust: 0.1

url:https://ubuntu.com/security/notices/usn-7003-1

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2024-39509

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2024-40934

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2024-38619

Trust: 0.1

url:https://ubuntu.com/security/notices/usn-7003-2

Trust: 0.1

url:https://ubuntu.com/security/notices/usn-7003-3

Trust: 0.1

url:https://ubuntu.com/security/notices/usn-7069-2

Trust: 0.1

sources: CNVD: CNVD-2025-19350 // PACKETSTORM: 181959 // PACKETSTORM: 182283 // PACKETSTORM: 182243 // JVNDB: JVNDB-2024-028748 // NVD: CVE-2024-40941

CREDITS

Ubuntu

Trust: 0.3

sources: PACKETSTORM: 181959 // PACKETSTORM: 182283 // PACKETSTORM: 182243

SOURCES

db:CNVDid:CNVD-2025-19350
db:PACKETSTORMid:181959
db:PACKETSTORMid:182283
db:PACKETSTORMid:182243
db:JVNDBid:JVNDB-2024-028748
db:NVDid:CVE-2024-40941

LAST UPDATE DATE

2026-06-19T20:53:52.113000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2025-19350date:2025-08-22T00:00:00
db:JVNDBid:JVNDB-2024-028748date:2025-10-10T06:10:00
db:NVDid:CVE-2024-40941date:2026-05-12T12:16:59.857

SOURCES RELEASE DATE

db:CNVDid:CNVD-2025-19350date:2025-08-12T00:00:00
db:PACKETSTORMid:181959date:2024-10-02T13:47:21
db:PACKETSTORMid:182283date:2024-10-18T14:10:58
db:PACKETSTORMid:182243date:2024-10-16T14:29:25
db:JVNDBid:JVNDB-2024-028748date:2025-10-10T00:00:00
db:NVDid:CVE-2024-40941date:2024-07-12T13:15:16.440