LiveActive security incident?Get immediate response
CVE Record

CVE-2024-40941: wifi: iwlwifi: mvm: don't read past the mfuart notifcation

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: don't read past the mfuart notifcation In case the firmware sends a notification that claims it has more data than it has, we will read past that was allocated for the notification. Remove the print of the buffer, we won't see it by default. If needed, we can see the content with tracing. This was reported by KFENCE.

UnknownCVSS not scoredNot KEV-listedUpdated
Glexia's TakeAutomated analysisunknown

Security readout for executives and security teams

Plain-English summary

This Linux kernel issue can make the iwlwifi Wi-Fi driver read beyond an allocated firmware notification buffer. The published record does not provide CVSS, a CWE, or evidence of active exploitation. Treat it as a kernel memory-safety defect requiring routine kernel update tracking, especially for Linux systems using the affected Wi-Fi driver path.

Executive priority

Prioritize through standard kernel patch management rather than emergency response unless your environment has high dependence on affected Linux Wi-Fi systems or vendor advisories identify exposed products. No active exploitation is supported by the supplied sources.

Technical view

CVE-2024-40941 is an out-of-bounds read in Linux iwlwifi mvm handling of mfuart notifications. If firmware reports more notification data than is actually allocated, the driver may read past the notification buffer. The fix removes printing of that buffer content. KFENCE reported the condition.

Likely exposure

Exposure is most plausible on Linux kernels in the listed affected ranges where the iwlwifi mvm driver path is present and used. The bundle lists affected kernel versions from 4.12 through 6.10, with stable fixes referenced. Downstream impact should be checked through Linux distribution and vendor advisories.

Exploitation context

The source bundle does not show KEV listing, public exploitation, weaponized proof-of-concept, or attacker prerequisites. The trigger described is malformed or inconsistent firmware notification data. Business risk is uncertain because impact details, reachability, and exploitability are not scored in the provided sources.

Researcher notes

The core evidence is a kernel stable fix for an iwlwifi mvm mfuart notification bounds issue, reported by KFENCE. The record lacks CVSS, CWE, crash impact, information disclosure detail, and exploitability analysis. Avoid broad claims beyond affected Linux kernel ranges and downstream advisory coverage.

Mitigation direction

  • Update to a Linux kernel containing the referenced stable fixes.
  • Use distribution advisories for packaged kernel update availability.
  • Check Debian LTS guidance if operating Debian LTS systems.
  • Check Siemens advisories for affected Siemens-managed products.
  • Track vendor guidance where kernel updates are appliance-controlled.

Validation and detection

  • Inventory Linux kernel versions across laptops, servers, and appliances.
  • Identify systems loading or depending on the iwlwifi driver path.
  • Compare running kernels with vendor-fixed package versions.
  • Review distribution security notices for CVE-2024-40941 coverage.
  • Confirm vendor appliances have applicable firmware or kernel updates.
Prepared
Confidence
medium
Sources
12

Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

cve · low confidence lookup

CVE-2024-40941 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
Unknown
CVSS
Not scored
Known Exploited
No
Published
Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

0CVSS vectors
3Timeline events
3ADP providers
12Source links

SSVC decision data

CISA-ADPCISA Coordinator
Timestamp
Version
2.0.3
Exploitation: noneAutomatable: noTechnical Impact: partial

Vulnerability timeline

Timeline events are normalized from CVE metadata, CNA source timelines, ADP timelines, and KEV metadata when present.

  1. CVE reservedCVE Program

    The CVE ID was reserved by the assigning CNA.

  2. CVE publishedCVE Program

    The CVE record was published.

  3. CVE updatedCVE Program

    The CVE record metadata indicates this as the latest update time.

ADP provider summaries

CVECVE Program Container
CISA-ADPCISA ADP Vulnrichment
other:ssvc
siemens-SADPADP container
Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
LinuxLinuxbdccdb854f2fb473f2ac4a6108df3cbfcedd5a87, bdccdb854f2fb473f2ac4a6108df3cbfcedd5a87, bdccdb854f2fb473f2ac4a6108df3cbfcedd5a87, bdccdb854f2fb473f2ac4a6108df3cbfcedd5a87, bdccdb854f2fb473f2ac4a6108df3cbfcedd5a87, bdccdb854f2fb473f2ac4a6108df3cbfcedd5a87, bdccdb854f2fb473f2ac4a6108df3cbfcedd5a87, bdccdb854f2fb473f2ac4a6108df3cbfcedd5a87unaffected
LinuxLinux4.12, 0, 4.19.317, 5.4.279, 5.10.221, 5.15.162, 6.1.95, 6.6.35, 6.9.6, 6.10affected
Weakness

CWE details

No CWE listed

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.