CVE-2024-40958 (GCVE-0-2024-40958)

Vulnerability from cvelistv5 – Published: 2024-07-12 12:32 – Updated: 2026-05-12 11:55
VLAI?
Title
netns: Make get_net_ns() handle zero refcount net
Summary
In the Linux kernel, the following vulnerability has been resolved: netns: Make get_net_ns() handle zero refcount net Syzkaller hit a warning: refcount_t: addition on 0; use-after-free. WARNING: CPU: 3 PID: 7890 at lib/refcount.c:25 refcount_warn_saturate+0xdf/0x1d0 Modules linked in: CPU: 3 PID: 7890 Comm: tun Not tainted 6.10.0-rc3-00100-gcaa4f9578aba-dirty #310 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014 RIP: 0010:refcount_warn_saturate+0xdf/0x1d0 Code: 41 49 04 31 ff 89 de e8 9f 1e cd fe 84 db 75 9c e8 76 26 cd fe c6 05 b6 41 49 04 01 90 48 c7 c7 b8 8e 25 86 e8 d2 05 b5 fe 90 <0f> 0b 90 90 e9 79 ff ff ff e8 53 26 cd fe 0f b6 1 RSP: 0018:ffff8881067b7da0 EFLAGS: 00010286 RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff811c72ac RDX: ffff8881026a2140 RSI: ffffffff811c72b5 RDI: 0000000000000001 RBP: ffff8881067b7db0 R08: 0000000000000000 R09: 205b5d3730353139 R10: 0000000000000000 R11: 205d303938375420 R12: ffff8881086500c4 R13: ffff8881086500c4 R14: ffff8881086500b0 R15: ffff888108650040 FS: 00007f5b2961a4c0(0000) GS:ffff88823bd00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000055d7ed36fd18 CR3: 00000001482f6000 CR4: 00000000000006f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> ? show_regs+0xa3/0xc0 ? __warn+0xa5/0x1c0 ? refcount_warn_saturate+0xdf/0x1d0 ? report_bug+0x1fc/0x2d0 ? refcount_warn_saturate+0xdf/0x1d0 ? handle_bug+0xa1/0x110 ? exc_invalid_op+0x3c/0xb0 ? asm_exc_invalid_op+0x1f/0x30 ? __warn_printk+0xcc/0x140 ? __warn_printk+0xd5/0x140 ? refcount_warn_saturate+0xdf/0x1d0 get_net_ns+0xa4/0xc0 ? __pfx_get_net_ns+0x10/0x10 open_related_ns+0x5a/0x130 __tun_chr_ioctl+0x1616/0x2370 ? __sanitizer_cov_trace_switch+0x58/0xa0 ? __sanitizer_cov_trace_const_cmp2+0x1c/0x30 ? __pfx_tun_chr_ioctl+0x10/0x10 tun_chr_ioctl+0x2f/0x40 __x64_sys_ioctl+0x11b/0x160 x64_sys_call+0x1211/0x20d0 do_syscall_64+0x9e/0x1d0 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f5b28f165d7 Code: b3 66 90 48 8b 05 b1 48 2d 00 64 c7 00 26 00 00 00 48 c7 c0 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 81 48 2d 00 8 RSP: 002b:00007ffc2b59c5e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f5b28f165d7 RDX: 0000000000000000 RSI: 00000000000054e3 RDI: 0000000000000003 RBP: 00007ffc2b59c650 R08: 00007f5b291ed8c0 R09: 00007f5b2961a4c0 R10: 0000000029690010 R11: 0000000000000246 R12: 0000000000400730 R13: 00007ffc2b59cf40 R14: 0000000000000000 R15: 0000000000000000 </TASK> Kernel panic - not syncing: kernel: panic_on_warn set ... This is trigger as below: ns0 ns1 tun_set_iff() //dev is tun0 tun->dev = dev //ip link set tun0 netns ns1 put_net() //ref is 0 __tun_chr_ioctl() //TUNGETDEVNETNS net = dev_net(tun->dev); open_related_ns(&net->ns, get_net_ns); //ns1 get_net_ns() get_net() //addition on 0 Use maybe_get_net() in get_net_ns in case net's ref is zero to fix this
Severity ?
No CVSS data available.
Assigner
References
Impacted products
Vendor Product Version
Linux Linux Affected: 0c3e0e3bb623c3735b8c9ab8aa8332f944f83a9f , < 3a6cd326ead7c8bb1f64486789a01974a9f1ad55 (git)
Affected: 0c3e0e3bb623c3735b8c9ab8aa8332f944f83a9f , < 2b82028a1f5ee3a8e04090776b10c534144ae77b (git)
Affected: 0c3e0e3bb623c3735b8c9ab8aa8332f944f83a9f , < cb7f811f638a14590ff98f53c6dd1fb54627d940 (git)
Affected: 0c3e0e3bb623c3735b8c9ab8aa8332f944f83a9f , < 1b631bffcb2c09551888f3c723f4365c91fe05ef (git)
Affected: 0c3e0e3bb623c3735b8c9ab8aa8332f944f83a9f , < ef0394ca25953ea0eddcc82feae1f750451f1876 (git)
Affected: 0c3e0e3bb623c3735b8c9ab8aa8332f944f83a9f , < 3af28df0d883e8c89a29ac31bc65f9023485743b (git)
Affected: 0c3e0e3bb623c3735b8c9ab8aa8332f944f83a9f , < ff960f9d3edbe08a736b5a224d91a305ccc946b0 (git)
Create a notification for this product.
Linux Linux Affected: 5.2
Unaffected: 0 , < 5.2 (semver)
Unaffected: 5.4.279 , ≤ 5.4.* (semver)
Unaffected: 5.10.221 , ≤ 5.10.* (semver)
Unaffected: 5.15.162 , ≤ 5.15.* (semver)
Unaffected: 6.1.96 , ≤ 6.1.* (semver)
Unaffected: 6.6.36 , ≤ 6.6.* (semver)
Unaffected: 6.9.7 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T21:58:22.994Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/3a6cd326ead7c8bb1f64486789a01974a9f1ad55"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/2b82028a1f5ee3a8e04090776b10c534144ae77b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/cb7f811f638a14590ff98f53c6dd1fb54627d940"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/1b631bffcb2c09551888f3c723f4365c91fe05ef"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ef0394ca25953ea0eddcc82feae1f750451f1876"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/3af28df0d883e8c89a29ac31bc65f9023485743b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ff960f9d3edbe08a736b5a224d91a305ccc946b0"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-40958",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T17:03:35.616951Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:23.921Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "affected": [
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM RST2428P",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V3.1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM RST2428P",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "unaffected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "unaffected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "unaffected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XCM-/XRM-/XCH-/XRH-300 family",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V3.1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XCM-/XRM-/XCH-/XRH-300 family",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "unaffected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIMATIC S7-1500 TM MFP - GNU/Linux subsystem",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-12T11:55:48.230Z",
          "orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
          "shortName": "siemens-SADP"
        },
        "references": [
          {
            "url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
          },
          {
            "url": "https://cert-portal.siemens.com/productcert/html/ssa-613116.html"
          },
          {
            "url": "https://cert-portal.siemens.com/productcert/html/ssa-355557.html"
          }
        ],
        "x_adpType": "supplier"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/core/net_namespace.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "3a6cd326ead7c8bb1f64486789a01974a9f1ad55",
              "status": "affected",
              "version": "0c3e0e3bb623c3735b8c9ab8aa8332f944f83a9f",
              "versionType": "git"
            },
            {
              "lessThan": "2b82028a1f5ee3a8e04090776b10c534144ae77b",
              "status": "affected",
              "version": "0c3e0e3bb623c3735b8c9ab8aa8332f944f83a9f",
              "versionType": "git"
            },
            {
              "lessThan": "cb7f811f638a14590ff98f53c6dd1fb54627d940",
              "status": "affected",
              "version": "0c3e0e3bb623c3735b8c9ab8aa8332f944f83a9f",
              "versionType": "git"
            },
            {
              "lessThan": "1b631bffcb2c09551888f3c723f4365c91fe05ef",
              "status": "affected",
              "version": "0c3e0e3bb623c3735b8c9ab8aa8332f944f83a9f",
              "versionType": "git"
            },
            {
              "lessThan": "ef0394ca25953ea0eddcc82feae1f750451f1876",
              "status": "affected",
              "version": "0c3e0e3bb623c3735b8c9ab8aa8332f944f83a9f",
              "versionType": "git"
            },
            {
              "lessThan": "3af28df0d883e8c89a29ac31bc65f9023485743b",
              "status": "affected",
              "version": "0c3e0e3bb623c3735b8c9ab8aa8332f944f83a9f",
              "versionType": "git"
            },
            {
              "lessThan": "ff960f9d3edbe08a736b5a224d91a305ccc946b0",
              "status": "affected",
              "version": "0c3e0e3bb623c3735b8c9ab8aa8332f944f83a9f",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/core/net_namespace.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.2"
            },
            {
              "lessThan": "5.2",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.279",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.221",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.162",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.96",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.36",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.279",
                  "versionStartIncluding": "5.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.221",
                  "versionStartIncluding": "5.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.162",
                  "versionStartIncluding": "5.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.96",
                  "versionStartIncluding": "5.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.36",
                  "versionStartIncluding": "5.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.7",
                  "versionStartIncluding": "5.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "5.2",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetns: Make get_net_ns() handle zero refcount net\n\nSyzkaller hit a warning:\nrefcount_t: addition on 0; use-after-free.\nWARNING: CPU: 3 PID: 7890 at lib/refcount.c:25 refcount_warn_saturate+0xdf/0x1d0\nModules linked in:\nCPU: 3 PID: 7890 Comm: tun Not tainted 6.10.0-rc3-00100-gcaa4f9578aba-dirty #310\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\nRIP: 0010:refcount_warn_saturate+0xdf/0x1d0\nCode: 41 49 04 31 ff 89 de e8 9f 1e cd fe 84 db 75 9c e8 76 26 cd fe c6 05 b6 41 49 04 01 90 48 c7 c7 b8 8e 25 86 e8 d2 05 b5 fe 90 \u003c0f\u003e 0b 90 90 e9 79 ff ff ff e8 53 26 cd fe 0f b6 1\nRSP: 0018:ffff8881067b7da0 EFLAGS: 00010286\nRAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff811c72ac\nRDX: ffff8881026a2140 RSI: ffffffff811c72b5 RDI: 0000000000000001\nRBP: ffff8881067b7db0 R08: 0000000000000000 R09: 205b5d3730353139\nR10: 0000000000000000 R11: 205d303938375420 R12: ffff8881086500c4\nR13: ffff8881086500c4 R14: ffff8881086500b0 R15: ffff888108650040\nFS:  00007f5b2961a4c0(0000) GS:ffff88823bd00000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 000055d7ed36fd18 CR3: 00000001482f6000 CR4: 00000000000006f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n ? show_regs+0xa3/0xc0\n ? __warn+0xa5/0x1c0\n ? refcount_warn_saturate+0xdf/0x1d0\n ? report_bug+0x1fc/0x2d0\n ? refcount_warn_saturate+0xdf/0x1d0\n ? handle_bug+0xa1/0x110\n ? exc_invalid_op+0x3c/0xb0\n ? asm_exc_invalid_op+0x1f/0x30\n ? __warn_printk+0xcc/0x140\n ? __warn_printk+0xd5/0x140\n ? refcount_warn_saturate+0xdf/0x1d0\n get_net_ns+0xa4/0xc0\n ? __pfx_get_net_ns+0x10/0x10\n open_related_ns+0x5a/0x130\n __tun_chr_ioctl+0x1616/0x2370\n ? __sanitizer_cov_trace_switch+0x58/0xa0\n ? __sanitizer_cov_trace_const_cmp2+0x1c/0x30\n ? __pfx_tun_chr_ioctl+0x10/0x10\n tun_chr_ioctl+0x2f/0x40\n __x64_sys_ioctl+0x11b/0x160\n x64_sys_call+0x1211/0x20d0\n do_syscall_64+0x9e/0x1d0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f5b28f165d7\nCode: b3 66 90 48 8b 05 b1 48 2d 00 64 c7 00 26 00 00 00 48 c7 c0 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 b8 10 00 00 00 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 8b 0d 81 48 2d 00 8\nRSP: 002b:00007ffc2b59c5e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010\nRAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f5b28f165d7\nRDX: 0000000000000000 RSI: 00000000000054e3 RDI: 0000000000000003\nRBP: 00007ffc2b59c650 R08: 00007f5b291ed8c0 R09: 00007f5b2961a4c0\nR10: 0000000029690010 R11: 0000000000000246 R12: 0000000000400730\nR13: 00007ffc2b59cf40 R14: 0000000000000000 R15: 0000000000000000\n \u003c/TASK\u003e\nKernel panic - not syncing: kernel: panic_on_warn set ...\n\nThis is trigger as below:\n          ns0                                    ns1\ntun_set_iff() //dev is tun0\n   tun-\u003edev = dev\n//ip link set tun0 netns ns1\n                                       put_net() //ref is 0\n__tun_chr_ioctl() //TUNGETDEVNETNS\n   net = dev_net(tun-\u003edev);\n   open_related_ns(\u0026net-\u003ens, get_net_ns); //ns1\n     get_net_ns()\n        get_net() //addition on 0\n\nUse maybe_get_net() in get_net_ns in case net\u0027s ref is zero to fix this"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T20:23:07.741Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/3a6cd326ead7c8bb1f64486789a01974a9f1ad55"
        },
        {
          "url": "https://git.kernel.org/stable/c/2b82028a1f5ee3a8e04090776b10c534144ae77b"
        },
        {
          "url": "https://git.kernel.org/stable/c/cb7f811f638a14590ff98f53c6dd1fb54627d940"
        },
        {
          "url": "https://git.kernel.org/stable/c/1b631bffcb2c09551888f3c723f4365c91fe05ef"
        },
        {
          "url": "https://git.kernel.org/stable/c/ef0394ca25953ea0eddcc82feae1f750451f1876"
        },
        {
          "url": "https://git.kernel.org/stable/c/3af28df0d883e8c89a29ac31bc65f9023485743b"
        },
        {
          "url": "https://git.kernel.org/stable/c/ff960f9d3edbe08a736b5a224d91a305ccc946b0"
        }
      ],
      "title": "netns: Make get_net_ns() handle zero refcount net",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-40958",
    "datePublished": "2024-07-12T12:32:00.431Z",
    "dateReserved": "2024-07-12T12:17:45.593Z",
    "dateUpdated": "2026-05-12T11:55:48.230Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2024-40958",
      "date": "2026-05-21",
      "epss": "0.0001",
      "percentile": "0.01059"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"5.2\", \"versionEndExcluding\": \"5.4.279\", \"matchCriteriaId\": \"5A16AF13-82B4-4031-88E2-F3A1AE0863D5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"5.5\", \"versionEndExcluding\": \"5.10.221\", \"matchCriteriaId\": \"659E1520-6345-41AF-B893-A7C0647585A0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"5.11\", \"versionEndExcluding\": \"5.15.162\", \"matchCriteriaId\": \"10A39ACC-3005-40E8-875C-98A372D1FFD5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"5.16\", \"versionEndExcluding\": \"6.1.96\", \"matchCriteriaId\": \"61E887B4-732A-40D2-9983-CC6F281EBFB7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"6.2\", \"versionEndExcluding\": \"6.6.36\", \"matchCriteriaId\": \"E1046C95-860A-45B0-B718-2B29F65BFF10\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"6.7\", \"versionEndExcluding\": \"6.9.7\", \"matchCriteriaId\": \"0A047AF2-94AC-4A3A-B32D-6AB930D8EF1C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:6.10:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"2EBB4392-5FA6-4DA9-9772-8F9C750109FA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:6.10:rc2:*:*:*:*:*:*\", \"matchCriteriaId\": \"331C2F14-12C7-45D5-893D-8C52EE38EA10\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:6.10:rc3:*:*:*:*:*:*\", \"matchCriteriaId\": \"3173713D-909A-4DD3-9DD4-1E171EB057EE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:6.10:rc4:*:*:*:*:*:*\", \"matchCriteriaId\": \"79F18AFA-40F7-43F0-BA30-7BDB65F918B9\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"In the Linux kernel, the following vulnerability has been resolved:\\n\\nnetns: Make get_net_ns() handle zero refcount net\\n\\nSyzkaller hit a warning:\\nrefcount_t: addition on 0; use-after-free.\\nWARNING: CPU: 3 PID: 7890 at lib/refcount.c:25 refcount_warn_saturate+0xdf/0x1d0\\nModules linked in:\\nCPU: 3 PID: 7890 Comm: tun Not tainted 6.10.0-rc3-00100-gcaa4f9578aba-dirty #310\\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\\nRIP: 0010:refcount_warn_saturate+0xdf/0x1d0\\nCode: 41 49 04 31 ff 89 de e8 9f 1e cd fe 84 db 75 9c e8 76 26 cd fe c6 05 b6 41 49 04 01 90 48 c7 c7 b8 8e 25 86 e8 d2 05 b5 fe 90 \u003c0f\u003e 0b 90 90 e9 79 ff ff ff e8 53 26 cd fe 0f b6 1\\nRSP: 0018:ffff8881067b7da0 EFLAGS: 00010286\\nRAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff811c72ac\\nRDX: ffff8881026a2140 RSI: ffffffff811c72b5 RDI: 0000000000000001\\nRBP: ffff8881067b7db0 R08: 0000000000000000 R09: 205b5d3730353139\\nR10: 0000000000000000 R11: 205d303938375420 R12: ffff8881086500c4\\nR13: ffff8881086500c4 R14: ffff8881086500b0 R15: ffff888108650040\\nFS:  00007f5b2961a4c0(0000) GS:ffff88823bd00000(0000) knlGS:0000000000000000\\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\\nCR2: 000055d7ed36fd18 CR3: 00000001482f6000 CR4: 00000000000006f0\\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\\nCall Trace:\\n \u003cTASK\u003e\\n ? show_regs+0xa3/0xc0\\n ? __warn+0xa5/0x1c0\\n ? refcount_warn_saturate+0xdf/0x1d0\\n ? report_bug+0x1fc/0x2d0\\n ? refcount_warn_saturate+0xdf/0x1d0\\n ? handle_bug+0xa1/0x110\\n ? exc_invalid_op+0x3c/0xb0\\n ? asm_exc_invalid_op+0x1f/0x30\\n ? __warn_printk+0xcc/0x140\\n ? __warn_printk+0xd5/0x140\\n ? refcount_warn_saturate+0xdf/0x1d0\\n get_net_ns+0xa4/0xc0\\n ? __pfx_get_net_ns+0x10/0x10\\n open_related_ns+0x5a/0x130\\n __tun_chr_ioctl+0x1616/0x2370\\n ? __sanitizer_cov_trace_switch+0x58/0xa0\\n ? __sanitizer_cov_trace_const_cmp2+0x1c/0x30\\n ? __pfx_tun_chr_ioctl+0x10/0x10\\n tun_chr_ioctl+0x2f/0x40\\n __x64_sys_ioctl+0x11b/0x160\\n x64_sys_call+0x1211/0x20d0\\n do_syscall_64+0x9e/0x1d0\\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\\nRIP: 0033:0x7f5b28f165d7\\nCode: b3 66 90 48 8b 05 b1 48 2d 00 64 c7 00 26 00 00 00 48 c7 c0 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 b8 10 00 00 00 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 8b 0d 81 48 2d 00 8\\nRSP: 002b:00007ffc2b59c5e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010\\nRAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f5b28f165d7\\nRDX: 0000000000000000 RSI: 00000000000054e3 RDI: 0000000000000003\\nRBP: 00007ffc2b59c650 R08: 00007f5b291ed8c0 R09: 00007f5b2961a4c0\\nR10: 0000000029690010 R11: 0000000000000246 R12: 0000000000400730\\nR13: 00007ffc2b59cf40 R14: 0000000000000000 R15: 0000000000000000\\n \u003c/TASK\u003e\\nKernel panic - not syncing: kernel: panic_on_warn set ...\\n\\nThis is trigger as below:\\n          ns0                                    ns1\\ntun_set_iff() //dev is tun0\\n   tun-\u003edev = dev\\n//ip link set tun0 netns ns1\\n                                       put_net() //ref is 0\\n__tun_chr_ioctl() //TUNGETDEVNETNS\\n   net = dev_net(tun-\u003edev);\\n   open_related_ns(\u0026net-\u003ens, get_net_ns); //ns1\\n     get_net_ns()\\n        get_net() //addition on 0\\n\\nUse maybe_get_net() in get_net_ns in case net\u0027s ref is zero to fix this\"}, {\"lang\": \"es\", \"value\": \"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: netns: haga que get_net_ns() maneje cero refcount net. Syzkaller recibi\\u00f3 una advertencia: refcount_t: adici\\u00f3n en 0; use-after-free. ADVERTENCIA: CPU: 3 PID: 7890 en lib/refcount.c:25 refcount_warn_saturate+0xdf/0x1d0 M\\u00f3dulos vinculados en: CPU: 3 PID: 7890 Comm: tun No contaminado 6.10.0-rc3-00100-gcaa4f9578aba-dirty #310 Hardware nombre: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 01/04/2014 RIP: 0010:refcount_warn_saturate+0xdf/0x1d0 C\\u00f3digo: 41 49 04 31 ff 89 de e8 9f 1e cd fe 84 db 75 9c e8 76 26 cd fe c6 05 b6 41 49 04 01 90 48 c7 c7 b8 8e 25 86 e8 d2 05 b5 fe 90 \u0026lt;0f\u0026gt; 0b 90 90 e9 79 ff ff ff e8 53 26 cd fe 0f b6 1 RSP: 0018: ffff8881067b7da0 EFLAGS: 00010286 RAX: 00000000000000000 RBX: 0000000000000000 RCX: ffffffff811c72ac RDX: ffff8881026a2140 RSI: ffffffff811c72b5 RDI: 0000000000000001 RBP: ffff8881067b7db0 R08: 0000000000000000 R09: 205b5d3730353139 R10: 00000000000000000 R11: 205d303938375420 R12: 8881086500c4 R13: ffff8881086500c4 R14: ffff8881086500b0 R15: ffff888108650040 FS : 00007f5b2961a4c0(0000) GS:ffff88823bd00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: fd18 CR3: 00000001482f6000 CR4: 00000000000006f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Seguimiento de llamadas: ? show_regs+0xa3/0xc0? __advertir+0xa5/0x1c0 ? refcount_warn_saturate+0xdf/0x1d0? report_bug+0x1fc/0x2d0? refcount_warn_saturate+0xdf/0x1d0? handle_bug+0xa1/0x110? exc_invalid_op+0x3c/0xb0? asm_exc_invalid_op+0x1f/0x30? __warn_printk+0xcc/0x140 ? __warn_printk+0xd5/0x140 ? refcount_warn_saturate+0xdf/0x1d0 get_net_ns+0xa4/0xc0 ? __pfx_get_net_ns+0x10/0x10 open_ related_ns+0x5a/0x130 __tun_chr_ioctl+0x1616/0x2370 ? __sanitizer_cov_trace_switch+0x58/0xa0? __sanitizer_cov_trace_const_cmp2+0x1c/0x30 ? __pfx_tun_chr_ioctl+0x10/0x10 tun_chr_ioctl+0x2f/0x40 __x64_sys_ioctl+0x11b/0x160 x64_sys_call+0x1211/0x20d0 do_syscall_64+0x9e/0x1d0 Entry_SYSCALL_64_after_h wframe+0x77/0x7f RIP: 0033:0x7f5b28f165d7 C\\u00f3digo: b3 66 90 48 8b 05 b1 48 2d 00 64 c7 00 26 00 00 00 48 c7 c0 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 b8 10 00 00 00 0f 05 \u0026lt;48\u0026gt; 3d 01 f0 ff 73 01 c3 48 8b 0d 81 48 2d 0 8 RSP: 002b:00007ffc2b59c5e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f5b28f165d7 RDX: 000000000 RSI: 00000000000054e3 RDI: 0000000000000003 RBP: 00007ffc2b59c650 R08: 00007f5b291ed8c0 R09: 00007f5b2961a4c0 R10: 690010 R11: 0000000000000246 R12: 0000000000400730 R13: 00007ffc2b59cf40 R14: 0000000000000000 R15: 00000000000000000  P\\u00e1nico del kernel - no sincronizado: kernel: p\\u00e1nico_on_warn set ... Esto se activa como se muestra a continuaci\\u00f3n: ns0 ns1 tun_set_iff() //dev is tun0 tun-\u0026gt;dev = dev //ip link set tun0 netns ns1 put_net() //ref es 0 __tun_chr_ioctl() //TUNGETDEVNETNS net = dev_net(tun-\u0026gt;dev); open_ related_ns(\u0026amp;net-\u0026gt;ns, get_net_ns); //ns1 get_net_ns() get_net() //adici\\u00f3n en 0 Use may_get_net() en get_net_ns en caso de que la referencia de red sea cero para solucionar este problema\"}]",
      "id": "CVE-2024-40958",
      "lastModified": "2024-11-21T09:31:56.947",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 5.9}]}",
      "published": "2024-07-12T13:15:17.883",
      "references": "[{\"url\": \"https://git.kernel.org/stable/c/1b631bffcb2c09551888f3c723f4365c91fe05ef\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/2b82028a1f5ee3a8e04090776b10c534144ae77b\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/3a6cd326ead7c8bb1f64486789a01974a9f1ad55\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/3af28df0d883e8c89a29ac31bc65f9023485743b\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/cb7f811f638a14590ff98f53c6dd1fb54627d940\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/ef0394ca25953ea0eddcc82feae1f750451f1876\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/ff960f9d3edbe08a736b5a224d91a305ccc946b0\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/1b631bffcb2c09551888f3c723f4365c91fe05ef\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/2b82028a1f5ee3a8e04090776b10c534144ae77b\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/3a6cd326ead7c8bb1f64486789a01974a9f1ad55\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/3af28df0d883e8c89a29ac31bc65f9023485743b\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/cb7f811f638a14590ff98f53c6dd1fb54627d940\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/ef0394ca25953ea0eddcc82feae1f750451f1876\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/ff960f9d3edbe08a736b5a224d91a305ccc946b0\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}]",
      "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-416\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-40958\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-07-12T13:15:17.883\",\"lastModified\":\"2026-05-12T12:17:00.383\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nnetns: Make get_net_ns() handle zero refcount net\\n\\nSyzkaller hit a warning:\\nrefcount_t: addition on 0; use-after-free.\\nWARNING: CPU: 3 PID: 7890 at lib/refcount.c:25 refcount_warn_saturate+0xdf/0x1d0\\nModules linked in:\\nCPU: 3 PID: 7890 Comm: tun Not tainted 6.10.0-rc3-00100-gcaa4f9578aba-dirty #310\\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\\nRIP: 0010:refcount_warn_saturate+0xdf/0x1d0\\nCode: 41 49 04 31 ff 89 de e8 9f 1e cd fe 84 db 75 9c e8 76 26 cd fe c6 05 b6 41 49 04 01 90 48 c7 c7 b8 8e 25 86 e8 d2 05 b5 fe 90 \u003c0f\u003e 0b 90 90 e9 79 ff ff ff e8 53 26 cd fe 0f b6 1\\nRSP: 0018:ffff8881067b7da0 EFLAGS: 00010286\\nRAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff811c72ac\\nRDX: ffff8881026a2140 RSI: ffffffff811c72b5 RDI: 0000000000000001\\nRBP: ffff8881067b7db0 R08: 0000000000000000 R09: 205b5d3730353139\\nR10: 0000000000000000 R11: 205d303938375420 R12: ffff8881086500c4\\nR13: ffff8881086500c4 R14: ffff8881086500b0 R15: ffff888108650040\\nFS:  00007f5b2961a4c0(0000) GS:ffff88823bd00000(0000) knlGS:0000000000000000\\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\\nCR2: 000055d7ed36fd18 CR3: 00000001482f6000 CR4: 00000000000006f0\\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\\nCall Trace:\\n \u003cTASK\u003e\\n ? show_regs+0xa3/0xc0\\n ? __warn+0xa5/0x1c0\\n ? refcount_warn_saturate+0xdf/0x1d0\\n ? report_bug+0x1fc/0x2d0\\n ? refcount_warn_saturate+0xdf/0x1d0\\n ? handle_bug+0xa1/0x110\\n ? exc_invalid_op+0x3c/0xb0\\n ? asm_exc_invalid_op+0x1f/0x30\\n ? __warn_printk+0xcc/0x140\\n ? __warn_printk+0xd5/0x140\\n ? refcount_warn_saturate+0xdf/0x1d0\\n get_net_ns+0xa4/0xc0\\n ? __pfx_get_net_ns+0x10/0x10\\n open_related_ns+0x5a/0x130\\n __tun_chr_ioctl+0x1616/0x2370\\n ? __sanitizer_cov_trace_switch+0x58/0xa0\\n ? __sanitizer_cov_trace_const_cmp2+0x1c/0x30\\n ? __pfx_tun_chr_ioctl+0x10/0x10\\n tun_chr_ioctl+0x2f/0x40\\n __x64_sys_ioctl+0x11b/0x160\\n x64_sys_call+0x1211/0x20d0\\n do_syscall_64+0x9e/0x1d0\\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\\nRIP: 0033:0x7f5b28f165d7\\nCode: b3 66 90 48 8b 05 b1 48 2d 00 64 c7 00 26 00 00 00 48 c7 c0 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 b8 10 00 00 00 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 8b 0d 81 48 2d 00 8\\nRSP: 002b:00007ffc2b59c5e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010\\nRAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f5b28f165d7\\nRDX: 0000000000000000 RSI: 00000000000054e3 RDI: 0000000000000003\\nRBP: 00007ffc2b59c650 R08: 00007f5b291ed8c0 R09: 00007f5b2961a4c0\\nR10: 0000000029690010 R11: 0000000000000246 R12: 0000000000400730\\nR13: 00007ffc2b59cf40 R14: 0000000000000000 R15: 0000000000000000\\n \u003c/TASK\u003e\\nKernel panic - not syncing: kernel: panic_on_warn set ...\\n\\nThis is trigger as below:\\n          ns0                                    ns1\\ntun_set_iff() //dev is tun0\\n   tun-\u003edev = dev\\n//ip link set tun0 netns ns1\\n                                       put_net() //ref is 0\\n__tun_chr_ioctl() //TUNGETDEVNETNS\\n   net = dev_net(tun-\u003edev);\\n   open_related_ns(\u0026net-\u003ens, get_net_ns); //ns1\\n     get_net_ns()\\n        get_net() //addition on 0\\n\\nUse maybe_get_net() in get_net_ns in case net\u0027s ref is zero to fix this\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: netns: haga que get_net_ns() maneje cero refcount net. Syzkaller recibi\u00f3 una advertencia: refcount_t: adici\u00f3n en 0; use-after-free. ADVERTENCIA: CPU: 3 PID: 7890 en lib/refcount.c:25 refcount_warn_saturate+0xdf/0x1d0 M\u00f3dulos vinculados en: CPU: 3 PID: 7890 Comm: tun No contaminado 6.10.0-rc3-00100-gcaa4f9578aba-dirty #310 Hardware nombre: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 01/04/2014 RIP: 0010:refcount_warn_saturate+0xdf/0x1d0 C\u00f3digo: 41 49 04 31 ff 89 de e8 9f 1e cd fe 84 db 75 9c e8 76 26 cd fe c6 05 b6 41 49 04 01 90 48 c7 c7 b8 8e 25 86 e8 d2 05 b5 fe 90 \u0026lt;0f\u0026gt; 0b 90 90 e9 79 ff ff ff e8 53 26 cd fe 0f b6 1 RSP: 0018: ffff8881067b7da0 EFLAGS: 00010286 RAX: 00000000000000000 RBX: 0000000000000000 RCX: ffffffff811c72ac RDX: ffff8881026a2140 RSI: ffffffff811c72b5 RDI: 0000000000000001 RBP: ffff8881067b7db0 R08: 0000000000000000 R09: 205b5d3730353139 R10: 00000000000000000 R11: 205d303938375420 R12: 8881086500c4 R13: ffff8881086500c4 R14: ffff8881086500b0 R15: ffff888108650040 FS : 00007f5b2961a4c0(0000) GS:ffff88823bd00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: fd18 CR3: 00000001482f6000 CR4: 00000000000006f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Seguimiento de llamadas: ? show_regs+0xa3/0xc0? __advertir+0xa5/0x1c0 ? refcount_warn_saturate+0xdf/0x1d0? report_bug+0x1fc/0x2d0? refcount_warn_saturate+0xdf/0x1d0? handle_bug+0xa1/0x110? exc_invalid_op+0x3c/0xb0? asm_exc_invalid_op+0x1f/0x30? __warn_printk+0xcc/0x140 ? __warn_printk+0xd5/0x140 ? refcount_warn_saturate+0xdf/0x1d0 get_net_ns+0xa4/0xc0 ? __pfx_get_net_ns+0x10/0x10 open_ related_ns+0x5a/0x130 __tun_chr_ioctl+0x1616/0x2370 ? __sanitizer_cov_trace_switch+0x58/0xa0? __sanitizer_cov_trace_const_cmp2+0x1c/0x30 ? __pfx_tun_chr_ioctl+0x10/0x10 tun_chr_ioctl+0x2f/0x40 __x64_sys_ioctl+0x11b/0x160 x64_sys_call+0x1211/0x20d0 do_syscall_64+0x9e/0x1d0 Entry_SYSCALL_64_after_h wframe+0x77/0x7f RIP: 0033:0x7f5b28f165d7 C\u00f3digo: b3 66 90 48 8b 05 b1 48 2d 00 64 c7 00 26 00 00 00 48 c7 c0 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 b8 10 00 00 00 0f 05 \u0026lt;48\u0026gt; 3d 01 f0 ff 73 01 c3 48 8b 0d 81 48 2d 0 8 RSP: 002b:00007ffc2b59c5e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f5b28f165d7 RDX: 000000000 RSI: 00000000000054e3 RDI: 0000000000000003 RBP: 00007ffc2b59c650 R08: 00007f5b291ed8c0 R09: 00007f5b2961a4c0 R10: 690010 R11: 0000000000000246 R12: 0000000000400730 R13: 00007ffc2b59cf40 R14: 0000000000000000 R15: 00000000000000000  P\u00e1nico del kernel - no sincronizado: kernel: p\u00e1nico_on_warn set ... Esto se activa como se muestra a continuaci\u00f3n: ns0 ns1 tun_set_iff() //dev is tun0 tun-\u0026gt;dev = dev //ip link set tun0 netns ns1 put_net() //ref es 0 __tun_chr_ioctl() //TUNGETDEVNETNS net = dev_net(tun-\u0026gt;dev); open_ related_ns(\u0026amp;net-\u0026gt;ns, get_net_ns); //ns1 get_net_ns() get_net() //adici\u00f3n en 0 Use may_get_net() en get_net_ns en caso de que la referencia de red sea cero para solucionar este problema\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-416\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.2\",\"versionEndExcluding\":\"5.4.279\",\"matchCriteriaId\":\"5A16AF13-82B4-4031-88E2-F3A1AE0863D5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.5\",\"versionEndExcluding\":\"5.10.221\",\"matchCriteriaId\":\"659E1520-6345-41AF-B893-A7C0647585A0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.11\",\"versionEndExcluding\":\"5.15.162\",\"matchCriteriaId\":\"10A39ACC-3005-40E8-875C-98A372D1FFD5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.16\",\"versionEndExcluding\":\"6.1.96\",\"matchCriteriaId\":\"61E887B4-732A-40D2-9983-CC6F281EBFB7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.2\",\"versionEndExcluding\":\"6.6.36\",\"matchCriteriaId\":\"E1046C95-860A-45B0-B718-2B29F65BFF10\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.7\",\"versionEndExcluding\":\"6.9.7\",\"matchCriteriaId\":\"0A047AF2-94AC-4A3A-B32D-6AB930D8EF1C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.10:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"2EBB4392-5FA6-4DA9-9772-8F9C750109FA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.10:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"331C2F14-12C7-45D5-893D-8C52EE38EA10\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.10:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"3173713D-909A-4DD3-9DD4-1E171EB057EE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.10:rc4:*:*:*:*:*:*\",\"matchCriteriaId\":\"79F18AFA-40F7-43F0-BA30-7BDB65F918B9\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/1b631bffcb2c09551888f3c723f4365c91fe05ef\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/2b82028a1f5ee3a8e04090776b10c534144ae77b\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/3a6cd326ead7c8bb1f64486789a01974a9f1ad55\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/3af28df0d883e8c89a29ac31bc65f9023485743b\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/cb7f811f638a14590ff98f53c6dd1fb54627d940\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/ef0394ca25953ea0eddcc82feae1f750451f1876\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/ff960f9d3edbe08a736b5a224d91a305ccc946b0\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/1b631bffcb2c09551888f3c723f4365c91fe05ef\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/2b82028a1f5ee3a8e04090776b10c534144ae77b\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/3a6cd326ead7c8bb1f64486789a01974a9f1ad55\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/3af28df0d883e8c89a29ac31bc65f9023485743b\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/cb7f811f638a14590ff98f53c6dd1fb54627d940\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/ef0394ca25953ea0eddcc82feae1f750451f1876\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/ff960f9d3edbe08a736b5a224d91a305ccc946b0\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://cert-portal.siemens.com/productcert/html/ssa-265688.html\",\"source\":\"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e\"},{\"url\":\"https://cert-portal.siemens.com/productcert/html/ssa-355557.html\",\"source\":\"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e\"},{\"url\":\"https://cert-portal.siemens.com/productcert/html/ssa-613116.html\",\"source\":\"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://git.kernel.org/stable/c/3a6cd326ead7c8bb1f64486789a01974a9f1ad55\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/2b82028a1f5ee3a8e04090776b10c534144ae77b\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/cb7f811f638a14590ff98f53c6dd1fb54627d940\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/1b631bffcb2c09551888f3c723f4365c91fe05ef\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/ef0394ca25953ea0eddcc82feae1f750451f1876\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/3af28df0d883e8c89a29ac31bc65f9023485743b\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/ff960f9d3edbe08a736b5a224d91a305ccc946b0\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-11-03T21:58:22.994Z\"}}, {\"affected\": [{\"vendor\": \"Siemens\", \"product\": \"RUGGEDCOM RST2428P\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V3.1\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"RUGGEDCOM RST2428P\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XCM-/XRM-/XCH-/XRH-300 family\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V3.1\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE XCM-/XRM-/XCH-/XRH-300 family\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC S7-1500 TM MFP - GNU/Linux subsystem\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"x_adpType\": \"supplier\", \"references\": [{\"url\": \"https://cert-portal.siemens.com/productcert/html/ssa-265688.html\"}, {\"url\": \"https://cert-portal.siemens.com/productcert/html/ssa-613116.html\"}, {\"url\": \"https://cert-portal.siemens.com/productcert/html/ssa-355557.html\"}], \"providerMetadata\": {\"orgId\": \"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e\", \"shortName\": \"siemens-SADP\", \"dateUpdated\": \"2026-05-12T11:55:48.230Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-40958\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-09-10T17:03:35.616951Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-09-11T12:42:22.411Z\"}}], \"cna\": {\"title\": \"netns: Make get_net_ns() handle zero refcount net\", \"affected\": [{\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"0c3e0e3bb623c3735b8c9ab8aa8332f944f83a9f\", \"lessThan\": \"3a6cd326ead7c8bb1f64486789a01974a9f1ad55\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"0c3e0e3bb623c3735b8c9ab8aa8332f944f83a9f\", \"lessThan\": \"2b82028a1f5ee3a8e04090776b10c534144ae77b\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"0c3e0e3bb623c3735b8c9ab8aa8332f944f83a9f\", \"lessThan\": \"cb7f811f638a14590ff98f53c6dd1fb54627d940\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"0c3e0e3bb623c3735b8c9ab8aa8332f944f83a9f\", \"lessThan\": \"1b631bffcb2c09551888f3c723f4365c91fe05ef\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"0c3e0e3bb623c3735b8c9ab8aa8332f944f83a9f\", \"lessThan\": \"ef0394ca25953ea0eddcc82feae1f750451f1876\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"0c3e0e3bb623c3735b8c9ab8aa8332f944f83a9f\", \"lessThan\": \"3af28df0d883e8c89a29ac31bc65f9023485743b\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"0c3e0e3bb623c3735b8c9ab8aa8332f944f83a9f\", \"lessThan\": \"ff960f9d3edbe08a736b5a224d91a305ccc946b0\", \"versionType\": \"git\"}], \"programFiles\": [\"net/core/net_namespace.c\"], \"defaultStatus\": \"unaffected\"}, {\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"5.2\"}, {\"status\": \"unaffected\", \"version\": \"0\", \"lessThan\": \"5.2\", \"versionType\": \"semver\"}, {\"status\": \"unaffected\", \"version\": \"5.4.279\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.4.*\"}, {\"status\": \"unaffected\", \"version\": \"5.10.221\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.10.*\"}, {\"status\": \"unaffected\", \"version\": \"5.15.162\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.15.*\"}, {\"status\": \"unaffected\", \"version\": \"6.1.96\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.1.*\"}, {\"status\": \"unaffected\", \"version\": \"6.6.36\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.6.*\"}, {\"status\": \"unaffected\", \"version\": \"6.9.7\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.9.*\"}, {\"status\": \"unaffected\", \"version\": \"6.10\", \"versionType\": \"original_commit_for_fix\", \"lessThanOrEqual\": \"*\"}], \"programFiles\": [\"net/core/net_namespace.c\"], \"defaultStatus\": \"affected\"}], \"references\": [{\"url\": \"https://git.kernel.org/stable/c/3a6cd326ead7c8bb1f64486789a01974a9f1ad55\"}, {\"url\": \"https://git.kernel.org/stable/c/2b82028a1f5ee3a8e04090776b10c534144ae77b\"}, {\"url\": \"https://git.kernel.org/stable/c/cb7f811f638a14590ff98f53c6dd1fb54627d940\"}, {\"url\": \"https://git.kernel.org/stable/c/1b631bffcb2c09551888f3c723f4365c91fe05ef\"}, {\"url\": \"https://git.kernel.org/stable/c/ef0394ca25953ea0eddcc82feae1f750451f1876\"}, {\"url\": \"https://git.kernel.org/stable/c/3af28df0d883e8c89a29ac31bc65f9023485743b\"}, {\"url\": \"https://git.kernel.org/stable/c/ff960f9d3edbe08a736b5a224d91a305ccc946b0\"}], \"x_generator\": {\"engine\": \"bippy-1.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"In the Linux kernel, the following vulnerability has been resolved:\\n\\nnetns: Make get_net_ns() handle zero refcount net\\n\\nSyzkaller hit a warning:\\nrefcount_t: addition on 0; use-after-free.\\nWARNING: CPU: 3 PID: 7890 at lib/refcount.c:25 refcount_warn_saturate+0xdf/0x1d0\\nModules linked in:\\nCPU: 3 PID: 7890 Comm: tun Not tainted 6.10.0-rc3-00100-gcaa4f9578aba-dirty #310\\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\\nRIP: 0010:refcount_warn_saturate+0xdf/0x1d0\\nCode: 41 49 04 31 ff 89 de e8 9f 1e cd fe 84 db 75 9c e8 76 26 cd fe c6 05 b6 41 49 04 01 90 48 c7 c7 b8 8e 25 86 e8 d2 05 b5 fe 90 \u003c0f\u003e 0b 90 90 e9 79 ff ff ff e8 53 26 cd fe 0f b6 1\\nRSP: 0018:ffff8881067b7da0 EFLAGS: 00010286\\nRAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff811c72ac\\nRDX: ffff8881026a2140 RSI: ffffffff811c72b5 RDI: 0000000000000001\\nRBP: ffff8881067b7db0 R08: 0000000000000000 R09: 205b5d3730353139\\nR10: 0000000000000000 R11: 205d303938375420 R12: ffff8881086500c4\\nR13: ffff8881086500c4 R14: ffff8881086500b0 R15: ffff888108650040\\nFS:  00007f5b2961a4c0(0000) GS:ffff88823bd00000(0000) knlGS:0000000000000000\\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\\nCR2: 000055d7ed36fd18 CR3: 00000001482f6000 CR4: 00000000000006f0\\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\\nCall Trace:\\n \u003cTASK\u003e\\n ? show_regs+0xa3/0xc0\\n ? __warn+0xa5/0x1c0\\n ? refcount_warn_saturate+0xdf/0x1d0\\n ? report_bug+0x1fc/0x2d0\\n ? refcount_warn_saturate+0xdf/0x1d0\\n ? handle_bug+0xa1/0x110\\n ? exc_invalid_op+0x3c/0xb0\\n ? asm_exc_invalid_op+0x1f/0x30\\n ? __warn_printk+0xcc/0x140\\n ? __warn_printk+0xd5/0x140\\n ? refcount_warn_saturate+0xdf/0x1d0\\n get_net_ns+0xa4/0xc0\\n ? __pfx_get_net_ns+0x10/0x10\\n open_related_ns+0x5a/0x130\\n __tun_chr_ioctl+0x1616/0x2370\\n ? __sanitizer_cov_trace_switch+0x58/0xa0\\n ? __sanitizer_cov_trace_const_cmp2+0x1c/0x30\\n ? __pfx_tun_chr_ioctl+0x10/0x10\\n tun_chr_ioctl+0x2f/0x40\\n __x64_sys_ioctl+0x11b/0x160\\n x64_sys_call+0x1211/0x20d0\\n do_syscall_64+0x9e/0x1d0\\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\\nRIP: 0033:0x7f5b28f165d7\\nCode: b3 66 90 48 8b 05 b1 48 2d 00 64 c7 00 26 00 00 00 48 c7 c0 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 b8 10 00 00 00 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 8b 0d 81 48 2d 00 8\\nRSP: 002b:00007ffc2b59c5e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010\\nRAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f5b28f165d7\\nRDX: 0000000000000000 RSI: 00000000000054e3 RDI: 0000000000000003\\nRBP: 00007ffc2b59c650 R08: 00007f5b291ed8c0 R09: 00007f5b2961a4c0\\nR10: 0000000029690010 R11: 0000000000000246 R12: 0000000000400730\\nR13: 00007ffc2b59cf40 R14: 0000000000000000 R15: 0000000000000000\\n \u003c/TASK\u003e\\nKernel panic - not syncing: kernel: panic_on_warn set ...\\n\\nThis is trigger as below:\\n          ns0                                    ns1\\ntun_set_iff() //dev is tun0\\n   tun-\u003edev = dev\\n//ip link set tun0 netns ns1\\n                                       put_net() //ref is 0\\n__tun_chr_ioctl() //TUNGETDEVNETNS\\n   net = dev_net(tun-\u003edev);\\n   open_related_ns(\u0026net-\u003ens, get_net_ns); //ns1\\n     get_net_ns()\\n        get_net() //addition on 0\\n\\nUse maybe_get_net() in get_net_ns in case net\u0027s ref is zero to fix this\"}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"5.4.279\", \"versionStartIncluding\": \"5.2\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"5.10.221\", \"versionStartIncluding\": \"5.2\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"5.15.162\", \"versionStartIncluding\": \"5.2\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.1.96\", \"versionStartIncluding\": \"5.2\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.6.36\", \"versionStartIncluding\": \"5.2\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.9.7\", \"versionStartIncluding\": \"5.2\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.10\", \"versionStartIncluding\": \"5.2\"}], \"operator\": \"OR\"}]}], \"providerMetadata\": {\"orgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"shortName\": \"Linux\", \"dateUpdated\": \"2026-05-11T20:23:07.741Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-40958\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-05-12T11:55:48.230Z\", \"dateReserved\": \"2024-07-12T12:17:45.593Z\", \"assignerOrgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"datePublished\": \"2024-07-12T12:32:00.431Z\", \"assignerShortName\": \"Linux\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.