CVE-2024-40921
net: bridge: mst: pass vlan group directly to br_mst_vlan_set_state
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
In the Linux kernel, the following vulnerability has been resolved: net: bridge: mst: pass vlan group directly to br_mst_vlan_set_state Pass the already obtained vlan group pointer to br_mst_vlan_set_state()
instead of dereferencing it again. Each caller has already correctly
dereferenced it for their context. This change is required for the
following suspicious RCU dereference fix. No functional changes
intended.
In the Linux kernel, the following vulnerability has been resolved: net: bridge: mst: pass vlan group directly to br_mst_vlan_set_state Pass the already obtained vlan group pointer to br_mst_vlan_set_state() instead of dereferencing it again. Each caller has already correctly dereferenced it for their context. This change is required for the following suspicious RCU dereference fix. No functional changes intended.
This update for the Linux Kernel 6.4.0-150600_23_14 fixes several issues. The following security issues were fixed. Net: bridge: mst: pass vlan group directly to br_mst_vlan_set_state. Net: bridge: mst: fix suspicious rcu usage in br_mst_set_state. Net: bridge: mst: fix vlan use-after-free. Cachefiles: fix slab-use-after-free in cachefiles_withdraw_cookie. Vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans. Fixed memory leak for not ip packets. Bluetooth: Ignore too large handle values in BIG. Btrfs: make sure that WRITTEN is set on all metadata blocks. Smb: client: fix use-after-free bug in cifs_debug_data_proc_show. Net: do not leave a dangling sk pointer, when socket creation fails bpf: Fix a potential use-after-free in bpf_link_free.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2024-07-12 CVE Reserved
- 2024-07-12 CVE Published
- 2025-05-04 CVE Updated
- 2025-06-27 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (8)
| URL | Tag | Source |
|---|---|---|
| https://git.kernel.org/stable/c/8ca9a750fc711911ef616ceb627d07357b04545e | Vuln. Introduced | |
| https://git.kernel.org/stable/c/4488617e5e995a09abe4d81add5fb165674edb59 | Vuln. Introduced | |
| https://git.kernel.org/stable/c/e43dd2b1ec746e105b7db5f9ad6ef14685a615a4 | Vuln. Introduced | |
| https://git.kernel.org/stable/c/a2b01e65d9ba8af2bb086d3b7288ca53a07249ac | Vuln. Introduced |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 6.1.93 < 6.1.95 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.1.93 < 6.1.95" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 6.6.33 < 6.6.35 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.6.33 < 6.6.35" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 6.9.3 < 6.9.6 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.9.3 < 6.9.6" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 6.8.12 Search vendor "Linux" for product "Linux Kernel" and version "6.8.12" | en |
Affected
| ||||||