CVE-2024-40985

Published: Jul 12, 2024

Modified: May 11, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: net/tcp_ao: Don't leak ao_info on error-path It seems I introduced it together with TCP_AO_CMDF_AO_REQUIRED, on version 5 [1] of TCP-AO patches. Quite frustrative that having all these selftests that I've written, running kmemtest & kcov was always in todo. [1]: https://lore.kernel.org/netdev/[email protected]/

Vendor	Product	Versions
Linux	Linux	affected `0aadc73995d08f6b0dc061c14a564ffa46f5914e - < ebaa7d3c26332330a48f9a15f8e518d526cc0f21` affected `0aadc73995d08f6b0dc061c14a564ffa46f5914e - < f9ae848904289ddb16c7c9e4553ed4c64300de49`
Linux	Linux	affected `6.7` unaffected `0 - < 6.7` unaffected `6.9.7 - <= 6.9.` unaffected `6.10 - <= `

References

https://git.kernel.org/stable/c/ebaa7d3c26332330a48f9a15f8e518d526cc0f21

https://git.kernel.org/stable/c/f9ae848904289ddb16c7c9e4553ed4c64300de49

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2024-40985

Description

Affected Products

References