CVE-2024-40920

In the Linux kernel, the following vulnerability has been resolved: net: bridge: mst: fix suspicious rcu usage in br_mst_set_state I converted br_mst_set_state to RCU to avoid a vlan use-after-free but forgot to change the vlan group dereference helper. Switch to vlan group RCU deref helper to fix the suspicious rcu usage warning.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/406bfc04b01ee47e4c626f77ecc7d9f85135b166	Patch
https://git.kernel.org/stable/c/546ceb1dfdac866648ec959cbc71d9525bd73462	Patch
https://git.kernel.org/stable/c/7caefa2771722e65496d85b62e1dc4442b7d1345	Patch
https://git.kernel.org/stable/c/caaa2129784a04dcade0ea92c12e6ff90bbd23d8	Patch
https://git.kernel.org/stable/c/406bfc04b01ee47e4c626f77ecc7d9f85135b166	Patch
https://git.kernel.org/stable/c/546ceb1dfdac866648ec959cbc71d9525bd73462	Patch
https://git.kernel.org/stable/c/7caefa2771722e65496d85b62e1dc4442b7d1345	Patch
https://git.kernel.org/stable/c/caaa2129784a04dcade0ea92c12e6ff90bbd23d8	Patch
https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.10:rc1::::::
	cpe:2.3:o:linux:linux_kernel:6.10:rc2::::::
	cpe:2.3:o:linux:linux_kernel:6.10:rc3::::::

History

03 Nov 2025, 22:17

Type	Values Removed	Values Added
References		() https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html -

Information

Published : 2024-07-12 13:15

Updated : 2025-11-03 22:17

NVD link : CVE-2024-40920

Mitre link : CVE-2024-40920

CVE.ORG link : CVE-2024-40920

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-416

Use After Free

{"id": "CVE-2024-40920", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2024-07-12T13:15:15.003", "references": [{"url": "https://git.kernel.org/stable/c/406bfc04b01ee47e4c626f77ecc7d9f85135b166", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/546ceb1dfdac866648ec959cbc71d9525bd73462", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/7caefa2771722e65496d85b62e1dc4442b7d1345", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/caaa2129784a04dcade0ea92c12e6ff90bbd23d8", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/406bfc04b01ee47e4c626f77ecc7d9f85135b166", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/546ceb1dfdac866648ec959cbc71d9525bd73462", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/7caefa2771722e65496d85b62e1dc4442b7d1345", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/caaa2129784a04dcade0ea92c12e6ff90bbd23d8", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-416"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: bridge: mst: fix suspicious rcu usage in br_mst_set_state\n\nI converted br_mst_set_state to RCU to avoid a vlan use-after-free\nbut forgot to change the vlan group dereference helper. Switch to vlan\ngroup RCU deref helper to fix the suspicious rcu usage warning."}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: net: bridge: mst: corrige el uso sospechoso de rcu en br_mst_set_state Convert\u00ed br_mst_set_state a RCU para evitar un use-after-free de VLAN, pero olvid\u00e9 cambiar el asistente de desreferencia del grupo VLAN. Cambie al asistente deref de RCU del grupo vlan para corregir la advertencia de uso sospechoso de rcu."}], "lastModified": "2025-11-03T22:17:14.293", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "12D7386D-25E8-40A5-B960-F1289E3EB949", "versionEndExcluding": "6.1.95", "versionStartIncluding": "6.1.93"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AB52DAFF-C60A-4A6B-AF37-0991CBCE7C93", "versionEndExcluding": "6.6.35", "versionStartIncluding": "6.6.33"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A2D25EF8-8B93-4187-9555-F83C6F1ECA47", "versionEndExcluding": "6.9", "versionStartIncluding": "6.8.12"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B88D7AAA-B04F-4917-8190-1583726FE2B2", "versionEndExcluding": "6.9.6", "versionStartIncluding": "6.9.3"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2EBB4392-5FA6-4DA9-9772-8F9C750109FA"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "331C2F14-12C7-45D5-893D-8C52EE38EA10"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3173713D-909A-4DD3-9DD4-1E171EB057EE"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}