Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: net: bridge: mst: pass vlan group directly to br_mst_vlan_set_state Pass the already obtained vlan group pointer to br_mst_vlan_set_state() instead of dereferencing it again. Each caller has already correctly dereferenced it for their context. This change is required for the following suspicious RCU dereference fix. No functional changes intended.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | >= 6.1.93, < 6.1.95 |
References
- https://git.kernel.org/stable/c/09f4337c27f5bdeb8646a6db91488cc2f7d537ffPatch
- https://git.kernel.org/stable/c/36c92936e868601fa1f43da6758cf55805043509Patch
- https://git.kernel.org/stable/c/a6cc9e9a651b9861efa068c164ee62dfba68c6caPatch
- https://git.kernel.org/stable/c/d2dc02775fc0c4eacaee833a0637e5958884a8e5Patch
- https://git.kernel.org/stable/c/09f4337c27f5bdeb8646a6db91488cc2f7d537ffPatch
- https://git.kernel.org/stable/c/36c92936e868601fa1f43da6758cf55805043509Patch
- https://git.kernel.org/stable/c/a6cc9e9a651b9861efa068c164ee62dfba68c6caPatch
- https://git.kernel.org/stable/c/d2dc02775fc0c4eacaee833a0637e5958884a8e5Patch
- https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
FAQ
What is CVE-2024-40921?
CVE-2024-40921 is a vulnerability with a CVSS score of 5.5 (MEDIUM). In the Linux kernel, the following vulnerability has been resolved: net: bridge: mst: pass vlan group directly to br_mst_vlan_set_state Pass the already obtained vlan group pointer to br_mst_vlan_se...
How severe is CVE-2024-40921?
CVE-2024-40921 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-40921?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.