Bug 1227799 (CVE-2024-40939)

Summary: VUL-0: CVE-2024-40939: kernel: net: wwan: iosm: Fix tainted pointer delete is case of region creation fail
Product: [Novell Products] SUSE Security Incidents
Reporter: SMASH SMASH <smash_bz>
Component: Incidents
Assignee: Denis Kirjanov <denis.kirjanov>
Status: NEW ---
QA Contact: Security Team bot <security-team>
Severity: Normal
Priority: P3 - Medium
CC: denis.kirjanov, miroslav.franc, rfrohl, tbogendoerfer
Version: unspecified
Target Milestone: ---
Hardware: Other
OS: Other
URL: https://smash.suse.de/issue/413866/
Whiteboard: CVSSv3.1:SUSE:CVE-2024-40939:5.5:(AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Description SMASH SMASH 2024-07-15 12:42:08 UTC
In the Linux kernel, the following vulnerability has been resolved:

net: wwan: iosm: Fix tainted pointer delete is case of region creation fail

In case of region creation fail in ipc_devlink_create_region(), previously
created regions delete process starts from tainted pointer which actually
holds error code value.
Fix this bug by decreasing region index before delete.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-40939
https://www.cve.org/CVERecord?id=CVE-2024-40939
https://git.kernel.org/stable/c/040d9384870386eb5dc55472ac573ac7756b2050
https://git.kernel.org/stable/c/37a438704d19bdbe246d51d3749b6b3a8fe65afd
https://git.kernel.org/stable/c/b0c9a26435413b81799047a7be53255640432547
https://git.kernel.org/stable/c/fe394d59cdae81389dbf995e87c83c1acd120597
https://git.kernel.org/pub/scm/linux/security/vulns.git/plain/cve/published/2024/CVE-2024-40939.mbox
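
The unwind error described in the report above, as a userspace C model added here; it is not the iosm driver's code or the upstream patch. The ERR_PTR macros are local stand-ins modeled on the kernel's helpers, and region_create, region_destroy, create_regions, step_back and NOF_REGIONS are hypothetical names with constructed values.

```c
#include <errno.h>
#include <stdint.h>

/* Userspace stand-ins modeled on the kernel's ERR_PTR helpers. */
#define MAX_ERRNO  4095
#define ERR_PTR(e) ((void *)(intptr_t)(e))
#define PTR_ERR(p) ((long)(intptr_t)(p))
#define IS_ERR(p)  ((uintptr_t)(p) >= (uintptr_t)-MAX_ERRNO)

#define NOF_REGIONS 4                   /* constructed value */
struct region { int id; };              /* hypothetical region object */

static struct region pool[NOF_REGIONS];
static int tainted_destroys;            /* error pointers passed to destroy */
static int live_regions;                /* created minus destroyed */

static struct region *region_create(int idx, int fail_at)
{
    if (idx == fail_at)
        return ERR_PTR(-ENOMEM);        /* caller's slot now holds an error code */
    pool[idx].id = idx;
    live_regions++;
    return &pool[idx];
}

static void region_destroy(struct region *r)
{
    if (IS_ERR(r)) {                    /* a real destroy would dereference this */
        tainted_destroys++;
        return;
    }
    live_regions--;
}

/* step_back = 0: unwind starts at the failed slot (the bug described above).
 * step_back = 1: decrease the index first, so only valid regions are deleted. */
static long create_regions(int fail_at, int step_back)
{
    struct region *regions[NOF_REGIONS];
    int i;

    tainted_destroys = live_regions = 0;
    for (i = 0; i < NOF_REGIONS; i++) {
        regions[i] = region_create(i, fail_at);
        if (!IS_ERR(regions[i]))
            continue;
        long rc = PTR_ERR(regions[i]);
        for (i -= step_back; i >= 0; i--)
            region_destroy(regions[i]);
        return rc;
    }
    return 0;
}
```

The model only counts error pointers reaching region_destroy instead of dereferencing them, so the faulty unwind can be observed without crashing.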