CVE-2024-40920

Summary

In the Linux kernel, the following vulnerability has been resolved:

net: bridge: mst: fix suspicious rcu usage in br_mst_set_state

I converted br_mst_set_state to RCU to avoid a vlan use-after-free but forgot to change the vlan group dereference helper. Switch to vlan group RCU deref helper to fix the suspicious rcu usage warning.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux8ca9a750fc711911ef616ceb627d07357b04545e < caaa2129784a04dcade0ea92c12e6ff90bbd23d8affected
LinuxLinux4488617e5e995a09abe4d81add5fb165674edb59 < 7caefa2771722e65496d85b62e1dc4442b7d1345affected
LinuxLinuxe43dd2b1ec746e105b7db5f9ad6ef14685a615a4 < 406bfc04b01ee47e4c626f77ecc7d9f85135b166affected
LinuxLinux3a7c1661ae1383364cd6092d851f5e5da64d476b < 546ceb1dfdac866648ec959cbc71d9525bd73462affected
LinuxLinuxa2b01e65d9ba8af2bb086d3b7288ca53a07249acaffected
LinuxLinux6.8.12 < 6.9affected
LinuxLinux6.1.93 < 6.1.95affected
LinuxLinux6.6.33 < 6.6.35affected
LinuxLinux6.9.3 < 6.9.6affected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References