Security readout for executives and security teams
Plain-English summary
This is a Linux kernel IPv6 routing race found by syzbot. Under specific cleanup timing, the kernel can dereference a cleared per-CPU route pointer and crash. The sources show it has been fixed upstream, but they do not provide CVSS, attack prerequisites, or evidence of real-world exploitation.
Executive priority
Handle as a patch-management item with uncertain severity. It can crash affected Linux kernels, but the bundle does not show active exploitation or business-impacting attack details. Prioritize based on kernel exposure, multi-tenant workload risk, and vendor advisory relevance.
Technical view
The flaw is in __fib6_drop_pcpu_from() in Linux IPv6 FIB cleanup. A second compiler read of *ppcpu_rt could observe NULL after another CPU clears it in rt6_get_pcpu_route(). The fix adds READ_ONCE() and RCU read-side protection while dereferencing pcpu_rt.
Likely exposure
Exposure is limited to systems running affected Linux kernel versions or downstream products that include them. The affected context is IPv6 routing cleanup, including network namespace and device teardown paths. The bundle does not prove whether exploitation requires local privileges, namespace access, or specific configuration.
Exploitation context
The source bundle reports a syzbot-triggered kernel oops and says KEV is false. No cited source in the bundle reports active exploitation, public weaponization, or a practical attack path. Treat exploitability evidence as incomplete.
Researcher notes
Key uncertainty is triggerability outside syzkaller. The crash path involves cleanup_net, addrconf_ifdown, rt6_disable_ip, and fib6 route deletion. The fix is a race hardening change: READ_ONCE plus RCU read locking around pcpu_rt dereference.
Mitigation direction
Upgrade to a kernel or vendor package containing the referenced upstream stable fix.
Follow downstream vendor guidance for Debian LTS and Siemens affected products.
Prioritize internet-facing and multi-tenant Linux hosts after confirming kernel exposure.
Avoid direct wrangler-style assumptions; validate through vendor advisories and package changelogs.
Monitor kernel crash logs for IPv6 FIB cleanup oops signatures until patched.
Validation and detection
Inventory running kernel versions across Linux servers, containers hosts, and appliances.
Compare versions against the affected ranges and referenced stable commits.
Check package changelogs for CVE-2024-40905 or the IPv6 pcpu route race fix.
Review logs for __fib6_drop_pcpu_from, fib6_purge_rt, or IPv6 route cleanup crashes.
Confirm applicable Debian LTS or Siemens advisories for managed products.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cve · low confidence lookup
CVE-2024-40905 mapping review
Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.