{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-40921", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-07-12T12:17:45.582Z", "datePublished": "2024-07-12T12:25:02.907Z", "dateUpdated": "2025-05-04T12:57:15.850Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T12:57:15.850Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: bridge: mst: pass vlan group directly to br_mst_vlan_set_state\n\nPass the already obtained vlan group pointer to br_mst_vlan_set_state()\ninstead of dereferencing it again. Each caller has already correctly\ndereferenced it for their context. This change is required for the\nfollowing suspicious RCU dereference fix. No functional changes\nintended."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/bridge/br_mst.c"], "versions": [{"version": "8ca9a750fc711911ef616ceb627d07357b04545e", "lessThan": "09f4337c27f5bdeb8646a6db91488cc2f7d537ff", "status": "affected", "versionType": "git"}, {"version": "4488617e5e995a09abe4d81add5fb165674edb59", "lessThan": "a6cc9e9a651b9861efa068c164ee62dfba68c6ca", "status": "affected", "versionType": "git"}, {"version": "e43dd2b1ec746e105b7db5f9ad6ef14685a615a4", "lessThan": "d2dc02775fc0c4eacaee833a0637e5958884a8e5", "status": "affected", "versionType": "git"}, {"version": "3a7c1661ae1383364cd6092d851f5e5da64d476b", "lessThan": "36c92936e868601fa1f43da6758cf55805043509", "status": "affected", "versionType": "git"}, {"version": "a2b01e65d9ba8af2bb086d3b7288ca53a07249ac", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/bridge/br_mst.c"], "versions": [{"version": "6.1.93", "lessThan": "6.1.95", "status": "affected", "versionType": "semver"}, {"version": "6.6.33", "lessThan": "6.6.35", "status": "affected", "versionType": "semver"}, {"version": "6.9.3", "lessThan": "6.9.6", "status": "affected", "versionType": "semver"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.1.93", "versionEndExcluding": "6.1.95"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.6.33", "versionEndExcluding": "6.6.35"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.9.3", "versionEndExcluding": "6.9.6"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.8.12"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/09f4337c27f5bdeb8646a6db91488cc2f7d537ff"}, {"url": "https://git.kernel.org/stable/c/a6cc9e9a651b9861efa068c164ee62dfba68c6ca"}, {"url": "https://git.kernel.org/stable/c/d2dc02775fc0c4eacaee833a0637e5958884a8e5"}, {"url": "https://git.kernel.org/stable/c/36c92936e868601fa1f43da6758cf55805043509"}], "title": "net: bridge: mst: pass vlan group directly to br_mst_vlan_set_state", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:39:55.321Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/09f4337c27f5bdeb8646a6db91488cc2f7d537ff", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/a6cc9e9a651b9861efa068c164ee62dfba68c6ca", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/d2dc02775fc0c4eacaee833a0637e5958884a8e5", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/36c92936e868601fa1f43da6758cf55805043509", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-40921", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T17:05:30.546464Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T17:34:28.825Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/09f4337c27f5bdeb8646a6db91488cc2f7d537ff", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/a6cc9e9a651b9861efa068c164ee62dfba68c6ca", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/d2dc02775fc0c4eacaee833a0637e5958884a8e5", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/36c92936e868601fa1f43da6758cf55805043509", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:39:55.321Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-40921", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T17:05:30.546464Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T12:42:23.574Z"}}], "cna": {"title": "net: bridge: mst: pass vlan group directly to br_mst_vlan_set_state", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "8ca9a750fc711911ef616ceb627d07357b04545e", "lessThan": "09f4337c27f5bdeb8646a6db91488cc2f7d537ff", "versionType": "git"}, {"status": "affected", "version": "4488617e5e995a09abe4d81add5fb165674edb59", "lessThan": "a6cc9e9a651b9861efa068c164ee62dfba68c6ca", "versionType": "git"}, {"status": "affected", "version": "e43dd2b1ec746e105b7db5f9ad6ef14685a615a4", "lessThan": "d2dc02775fc0c4eacaee833a0637e5958884a8e5", "versionType": "git"}, {"status": "affected", "version": "3a7c1661ae1383364cd6092d851f5e5da64d476b", "lessThan": "36c92936e868601fa1f43da6758cf55805043509", "versionType": "git"}], "programFiles": ["net/bridge/br_mst.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "6.1.93", "lessThan": "6.1.95", "versionType": "semver"}, {"status": "affected", "version": "6.6.33", "lessThan": "6.6.35", "versionType": "semver"}, {"status": "affected", "version": "6.9.3", "lessThan": "6.9.6", "versionType": "semver"}], "programFiles": ["net/bridge/br_mst.c"], "defaultStatus": "unaffected"}], "references": [{"url": "https://git.kernel.org/stable/c/09f4337c27f5bdeb8646a6db91488cc2f7d537ff"}, {"url": "https://git.kernel.org/stable/c/a6cc9e9a651b9861efa068c164ee62dfba68c6ca"}, {"url": "https://git.kernel.org/stable/c/d2dc02775fc0c4eacaee833a0637e5958884a8e5"}, {"url": "https://git.kernel.org/stable/c/36c92936e868601fa1f43da6758cf55805043509"}], "x_generator": {"engine": "bippy-5f407fcff5a0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: bridge: mst: pass vlan group directly to br_mst_vlan_set_state\n\nPass the already obtained vlan group pointer to br_mst_vlan_set_state()\ninstead of dereferencing it again. Each caller has already correctly\ndereferenced it for their context. This change is required for the\nfollowing suspicious RCU dereference fix. No functional changes\nintended."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-12-19T09:08:13.931Z"}}}, "cveMetadata": {"cveId": "CVE-2024-40921", "state": "PUBLISHED", "dateUpdated": "2024-12-19T09:08:13.931Z", "dateReserved": "2024-07-12T12:17:45.582Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-07-12T12:25:02.907Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "12D7386D-25E8-40A5-B960-F1289E3EB949", "versionEndExcluding": "6.1.95", "versionStartIncluding": "6.1.93", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "AB52DAFF-C60A-4A6B-AF37-0991CBCE7C93", "versionEndExcluding": "6.6.35", "versionStartIncluding": "6.6.33", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "A2D25EF8-8B93-4187-9555-F83C6F1ECA47", "versionEndExcluding": "6.9", "versionStartIncluding": "6.8.12", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "B88D7AAA-B04F-4917-8190-1583726FE2B2", "versionEndExcluding": "6.9.6", "versionStartIncluding": "6.9.3", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc1:*:*:*:*:*:*", "matchCriteriaId": "2EBB4392-5FA6-4DA9-9772-8F9C750109FA", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc2:*:*:*:*:*:*", "matchCriteriaId": "331C2F14-12C7-45D5-893D-8C52EE38EA10", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc3:*:*:*:*:*:*", "matchCriteriaId": "3173713D-909A-4DD3-9DD4-1E171EB057EE", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: bridge: mst: pass vlan group directly to br_mst_vlan_set_state\n\nPass the already obtained vlan group pointer to br_mst_vlan_set_state()\ninstead of dereferencing it again. Each caller has already correctly\ndereferenced it for their context. This change is required for the\nfollowing suspicious RCU dereference fix. No functional changes\nintended."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: bridge: mst: pasar grupo vlan directamente a br_mst_vlan_set_state Pase el puntero del grupo vlan ya obtenido a br_mst_vlan_set_state() en lugar de desreferenciarlo nuevamente. Cada persona que llama ya lo ha desreferenciado correctamente para su contexto. Este cambio es necesario para la siguiente correcci\u00f3n sospechosa de desreferencia de RCU. No se pretenden cambios funcionales."}], "id": "CVE-2024-40921", "lastModified": "2025-09-17T15:44:50.067", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-07-12T13:15:15.060", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/09f4337c27f5bdeb8646a6db91488cc2f7d537ff"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/36c92936e868601fa1f43da6758cf55805043509"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/a6cc9e9a651b9861efa068c164ee62dfba68c6ca"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/d2dc02775fc0c4eacaee833a0637e5958884a8e5"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/09f4337c27f5bdeb8646a6db91488cc2f7d537ff"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/36c92936e868601fa1f43da6758cf55805043509"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/a6cc9e9a651b9861efa068c164ee62dfba68c6ca"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/d2dc02775fc0c4eacaee833a0637e5958884a8e5"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: net: bridge: mst: pass vlan group directly to br_mst_vlan_set_state", "id": "2297505", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2297505"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-99", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nnet: bridge: mst: pass vlan group directly to br_mst_vlan_set_state\nPass the already obtained vlan group pointer to br_mst_vlan_set_state()\ninstead of dereferencing it again. Each caller has already correctly\ndereferenced it for their context. This change is required for the\nfollowing suspicious RCU dereference fix. No functional changes\nintended."], "name": "CVE-2024-40921", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-07-12T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-40921\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-40921\nhttps://lore.kernel.org/linux-cve-announce/2024071213-CVE-2024-40921-b535@gregkh/T"], "threat_severity": "Low"}