5.5

CVE-2024-40921

EPSS 0.02%
Veröffentlicht 12.07.2024 13:15:15
Zuletzt bearbeitet 03.11.2025 22:17:14
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

net: bridge: mst: pass vlan group directly to br_mst_vlan_set_state

In the Linux kernel, the following vulnerability has been resolved:

net: bridge: mst: pass vlan group directly to br_mst_vlan_set_state

Pass the already obtained vlan group pointer to br_mst_vlan_set_state()
instead of dereferencing it again. Each caller has already correctly
dereferenced it for their context. This change is required for the
following suspicious RCU dereference fix. No functional changes
intended.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 8

NVD 7 VulnDex Vulnerability Enrichment 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 6.1.93 < 6.1.95

Linux ≫ Linux Kernel Version >= 6.6.33 < 6.6.35

Linux ≫ Linux Kernel Version >= 6.8.12 < 6.9

Linux ≫ Linux Kernel Version >= 6.9.3 < 6.9.6

Linux ≫ Linux Kernel Version6.10 Updaterc1

Linux ≫ Linux Kernel Version6.10 Updaterc2

Linux ≫ Linux Kernel Version6.10 Updaterc3

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.053

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://git.kernel.org/stable/c/09f4337c27f5bdeb8646a6db91488cc2f7d537ff

Patch

https://git.kernel.org/stable/c/36c92936e868601fa1f43da6758cf55805043509

Patch

https://git.kernel.org/stable/c/a6cc9e9a651b9861efa068c164ee62dfba68c6ca

Patch

https://git.kernel.org/stable/c/d2dc02775fc0c4eacaee833a0637e5958884a8e5

Patch

https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html

https://nvd.nist.gov/vuln/detail/CVE-2024-40921

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-40921

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-40921

EUVD