CVE-2024-40919 (GCVE-0-2024-40919)

Vulnerability from cvelistv5 – Published: 2024-07-12 12:25 – Updated: 2025-11-03 21:57
Title
bnxt_en: Adjust logging of firmware messages in case of released token in __hwrm_send()
Summary
In the Linux kernel, the following vulnerability has been resolved:

bnxt_en: Adjust logging of firmware messages in case of released token in __hwrm_send()

In case of token is released due to token->state == BNXT_HWRM_DEFERRED, released token (set to NULL) is used in log messages. This issue is expected to be prevented by HWRM_ERR_CODE_PF_UNAVAILABLE error code. But this error code is returned by recent firmware. So some firmware may not return it. This may lead to NULL pointer dereference.
Adjust this issue by adding token pointer check.

Found by Linux Verification Center (linuxtesting.org) with SVACE.
Severity
No CVSS data available.
Assigner
Impacted products
Vendor: Linux
Product: Linux
Versions (git):
    Affected: 8fa4219dba8e621aa1e78dfa7eeab10f55acb3c0 , < cde177fa235cd36f981012504a6376315bac03c9 (git)
    Affected: 8fa4219dba8e621aa1e78dfa7eeab10f55acb3c0 , < ca6660c956242623b4cfe9be2a1abc67907c44bf (git)
    Affected: 8fa4219dba8e621aa1e78dfa7eeab10f55acb3c0 , < 8b65eaeae88d4e9f999e806e196dd887b90bfed9 (git)
    Affected: 8fa4219dba8e621aa1e78dfa7eeab10f55acb3c0 , < a9b9741854a9fe9df948af49ca5514e0ed0429df (git)

Vendor: Linux
Product: Linux
Versions:
    Affected: 5.17
    Unaffected: 0 , < 5.17 (semver)
    Unaffected: 6.1.95 , ≤ 6.1.* (semver)
    Unaffected: 6.6.35 , ≤ 6.6.* (semver)
    Unaffected: 6.9.6 , ≤ 6.9.* (semver)
    Unaffected: 6.10 , ≤ * (original_commit_for_fix)

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T21:57:49.341Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/cde177fa235cd36f981012504a6376315bac03c9"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ca6660c956242623b4cfe9be2a1abc67907c44bf"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/8b65eaeae88d4e9f999e806e196dd887b90bfed9"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/a9b9741854a9fe9df948af49ca5514e0ed0429df"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-40919",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T17:05:36.863787Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:33:03.738Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/broadcom/bnxt/bnxt_hwrm.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "cde177fa235cd36f981012504a6376315bac03c9",
              "status": "affected",
              "version": "8fa4219dba8e621aa1e78dfa7eeab10f55acb3c0",
              "versionType": "git"
            },
            {
              "lessThan": "ca6660c956242623b4cfe9be2a1abc67907c44bf",
              "status": "affected",
              "version": "8fa4219dba8e621aa1e78dfa7eeab10f55acb3c0",
              "versionType": "git"
            },
            {
              "lessThan": "8b65eaeae88d4e9f999e806e196dd887b90bfed9",
              "status": "affected",
              "version": "8fa4219dba8e621aa1e78dfa7eeab10f55acb3c0",
              "versionType": "git"
            },
            {
              "lessThan": "a9b9741854a9fe9df948af49ca5514e0ed0429df",
              "status": "affected",
              "version": "8fa4219dba8e621aa1e78dfa7eeab10f55acb3c0",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/broadcom/bnxt/bnxt_hwrm.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.17"
            },
            {
              "lessThan": "5.17",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.95",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.35",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.6",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.95",
                  "versionStartIncluding": "5.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.35",
                  "versionStartIncluding": "5.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.6",
                  "versionStartIncluding": "5.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "5.17",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbnxt_en: Adjust logging of firmware messages in case of released token in __hwrm_send()\n\nIn case of token is released due to token-\u003estate == BNXT_HWRM_DEFERRED,\nreleased token (set to NULL) is used in log messages. This issue is\nexpected to be prevented by HWRM_ERR_CODE_PF_UNAVAILABLE error code. But\nthis error code is returned by recent firmware. So some firmware may not\nreturn it. This may lead to NULL pointer dereference.\nAdjust this issue by adding token pointer check.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:17:50.035Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/cde177fa235cd36f981012504a6376315bac03c9"
        },
        {
          "url": "https://git.kernel.org/stable/c/ca6660c956242623b4cfe9be2a1abc67907c44bf"
        },
        {
          "url": "https://git.kernel.org/stable/c/8b65eaeae88d4e9f999e806e196dd887b90bfed9"
        },
        {
          "url": "https://git.kernel.org/stable/c/a9b9741854a9fe9df948af49ca5514e0ed0429df"
        }
      ],
      "title": "bnxt_en: Adjust logging of firmware messages in case of released token in __hwrm_send()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-40919",
    "datePublished": "2024-07-12T12:25:01.521Z",
    "dateReserved": "2024-07-12T12:17:45.582Z",
    "dateUpdated": "2025-11-03T21:57:49.341Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

