CVE-2024-40921

Summary

In the Linux kernel, the following vulnerability has been resolved:

net: bridge: mst: pass vlan group directly to br_mst_vlan_set_state

Pass the already obtained vlan group pointer to br_mst_vlan_set_state() instead of dereferencing it again. Each caller has already correctly dereferenced it for their context. This change is required for the following suspicious RCU dereference fix. No functional changes intended.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux8ca9a750fc711911ef616ceb627d07357b04545e < 09f4337c27f5bdeb8646a6db91488cc2f7d537ffaffected
LinuxLinux4488617e5e995a09abe4d81add5fb165674edb59 < a6cc9e9a651b9861efa068c164ee62dfba68c6caaffected
LinuxLinuxe43dd2b1ec746e105b7db5f9ad6ef14685a615a4 < d2dc02775fc0c4eacaee833a0637e5958884a8e5affected
LinuxLinux3a7c1661ae1383364cd6092d851f5e5da64d476b < 36c92936e868601fa1f43da6758cf55805043509affected
LinuxLinuxa2b01e65d9ba8af2bb086d3b7288ca53a07249acaffected
LinuxLinux6.8.12 < 6.9affected
LinuxLinux6.1.93 < 6.1.95affected
LinuxLinux6.6.33 < 6.6.35affected
LinuxLinux6.9.3 < 6.9.6affected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References