CVE-2024-40920
N/A
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: bridge: mst: fix suspicious rcu usage in br_mst_set_state
I converted br_mst_set_state to RCU to avoid a vlan use-after-free but forgot to change the vlan group dereference helper. Switch to vlan group RCU deref helper to fix the suspicious rcu usage warning.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 8ca9a750fc711911ef616ceb627d07357b04545e < caaa2129784a04dcade0ea92c12e6ff90bbd23d8 | affected |
| Linux | Linux | 4488617e5e995a09abe4d81add5fb165674edb59 < 7caefa2771722e65496d85b62e1dc4442b7d1345 | affected |
| Linux | Linux | e43dd2b1ec746e105b7db5f9ad6ef14685a615a4 < 406bfc04b01ee47e4c626f77ecc7d9f85135b166 | affected |
| Linux | Linux | 3a7c1661ae1383364cd6092d851f5e5da64d476b < 546ceb1dfdac866648ec959cbc71d9525bd73462 | affected |
| Linux | Linux | a2b01e65d9ba8af2bb086d3b7288ca53a07249ac | affected |
| Linux | Linux | 6.8.12 < 6.9 | affected |
| Linux | Linux | 6.1.93 < 6.1.95 | affected |
| Linux | Linux | 6.6.33 < 6.6.35 | affected |
| Linux | Linux | 6.9.3 < 6.9.6 | affected |
Weaknesses
ADP Enrichment
CVE Program Container
Additional References
- https://git.kernel.org/stable/c/caaa2129784a04dcade0ea92c12e6ff90bbd23d8
- https://git.kernel.org/stable/c/7caefa2771722e65496d85b62e1dc4442b7d1345
- https://git.kernel.org/stable/c/406bfc04b01ee47e4c626f77ecc7d9f85135b166
- https://git.kernel.org/stable/c/546ceb1dfdac866648ec959cbc71d9525bd73462
- https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://git.kernel.org/stable/c/caaa2129784a04dcade0ea92c12e6ff90bbd23d8
- https://git.kernel.org/stable/c/7caefa2771722e65496d85b62e1dc4442b7d1345
- https://git.kernel.org/stable/c/406bfc04b01ee47e4c626f77ecc7d9f85135b166
- https://git.kernel.org/stable/c/546ceb1dfdac866648ec959cbc71d9525bd73462
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.