CVE-2024-40920

net: bridge: mst: fix suspicious rcu usage in br_mst_set_state

Severity Score: 5.5 (CVSS v3)
Public Exploits: 0 (Multiple Sources)
Exploited in Wild: - (KEV)
Decision: Track (SSVC)

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

net: bridge: mst: fix suspicious rcu usage in br_mst_set_state

I converted br_mst_set_state to RCU to avoid a vlan use-after-free
but forgot to change the vlan group dereference helper. Switch to vlan
group RCU deref helper to fix the suspicious rcu usage warning.

This update for the Linux Kernel 6.4.0-150600_23_14 fixes several issues. The following security issues were fixed:
  • Net: bridge: mst: pass vlan group directly to br_mst_vlan_set_state.
  • Net: bridge: mst: fix suspicious rcu usage in br_mst_set_state.
  • Net: bridge: mst: fix vlan use-after-free.
  • Cachefiles: fix slab-use-after-free in cachefiles_withdraw_cookie.
  • Vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans.
  • Fixed memory leak for not ip packets.
  • Bluetooth: Ignore too large handle values in BIG.
  • Btrfs: make sure that WRITTEN is set on all metadata blocks.
  • Smb: client: fix use-after-free bug in cifs_debug_data_proc_show.
  • Net: do not leave a dangling sk pointer, when socket creation fails.
  • bpf: Fix a potential use-after-free in bpf_link_free.

*Credits: N/A
CVSS Scores
CVSS v3
  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: None
  • Integrity: None
  • Availability: High
CVSS v2
  • Attack Vector: Local
  • Attack Complexity: Low
  • Authentication: Single
  • Confidentiality: None
  • Integrity: None
  • Availability: Complete
* Common Vulnerability Scoring System
SSVC
  • Decision: Track
  • Exploitation: None
  • Automatable: No
  • Tech. Impact: Partial
* Organization's Worst-case Scenario
Timeline
  • 2024-07-12 CVE Reserved
  • 2024-07-12 CVE Published
  • 2025-05-04 CVE Updated
  • 2025-06-27 EPSS Updated
Affected Vendors, Products, and Versions
Vendor  Product       Version             Other  Status
Linux   Linux Kernel  >= 6.1.93 < 6.1.95  en     Affected
Linux   Linux Kernel  >= 6.6.33 < 6.6.35  en     Affected
Linux   Linux Kernel  >= 6.9.3 < 6.9.6    en     Affected
Linux   Linux Kernel  6.8.12              en     Affected