{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-40920", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-07-12T12:17:45.582Z", "datePublished": "2024-07-12T12:25:02.222Z", "dateUpdated": "2025-05-04T12:57:14.602Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T12:57:14.602Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: bridge: mst: fix suspicious rcu usage in br_mst_set_state\n\nI converted br_mst_set_state to RCU to avoid a vlan use-after-free\nbut forgot to change the vlan group dereference helper. Switch to vlan\ngroup RCU deref helper to fix the suspicious rcu usage warning."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/bridge/br_mst.c"], "versions": [{"version": "8ca9a750fc711911ef616ceb627d07357b04545e", "lessThan": "caaa2129784a04dcade0ea92c12e6ff90bbd23d8", "status": "affected", "versionType": "git"}, {"version": "4488617e5e995a09abe4d81add5fb165674edb59", "lessThan": "7caefa2771722e65496d85b62e1dc4442b7d1345", "status": "affected", "versionType": "git"}, {"version": "e43dd2b1ec746e105b7db5f9ad6ef14685a615a4", "lessThan": "406bfc04b01ee47e4c626f77ecc7d9f85135b166", "status": "affected", "versionType": "git"}, {"version": "3a7c1661ae1383364cd6092d851f5e5da64d476b", "lessThan": "546ceb1dfdac866648ec959cbc71d9525bd73462", "status": "affected", "versionType": "git"}, {"version": "a2b01e65d9ba8af2bb086d3b7288ca53a07249ac", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/bridge/br_mst.c"], "versions": [{"version": "6.1.93", "lessThan": "6.1.95", "status": "affected", "versionType": "semver"}, {"version": "6.6.33", "lessThan": "6.6.35", "status": "affected", "versionType": "semver"}, {"version": "6.9.3", "lessThan": "6.9.6", "status": "affected", "versionType": "semver"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.1.93", "versionEndExcluding": "6.1.95"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.6.33", "versionEndExcluding": "6.6.35"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.9.3", "versionEndExcluding": "6.9.6"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.8.12"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/caaa2129784a04dcade0ea92c12e6ff90bbd23d8"}, {"url": "https://git.kernel.org/stable/c/7caefa2771722e65496d85b62e1dc4442b7d1345"}, {"url": "https://git.kernel.org/stable/c/406bfc04b01ee47e4c626f77ecc7d9f85135b166"}, {"url": "https://git.kernel.org/stable/c/546ceb1dfdac866648ec959cbc71d9525bd73462"}], "title": "net: bridge: mst: fix suspicious rcu usage in br_mst_set_state", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:39:55.750Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/caaa2129784a04dcade0ea92c12e6ff90bbd23d8", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/7caefa2771722e65496d85b62e1dc4442b7d1345", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/406bfc04b01ee47e4c626f77ecc7d9f85135b166", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/546ceb1dfdac866648ec959cbc71d9525bd73462", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-40920", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T17:05:33.673278Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T17:33:03.619Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/caaa2129784a04dcade0ea92c12e6ff90bbd23d8", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/7caefa2771722e65496d85b62e1dc4442b7d1345", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/406bfc04b01ee47e4c626f77ecc7d9f85135b166", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/546ceb1dfdac866648ec959cbc71d9525bd73462", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:39:55.750Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-40920", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T17:05:33.673278Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T12:42:14.304Z"}}], "cna": {"title": "net: bridge: mst: fix suspicious rcu usage in br_mst_set_state", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "8ca9a750fc71", "lessThan": "caaa2129784a", "versionType": "git"}, {"status": "affected", "version": "4488617e5e99", "lessThan": "7caefa277172", "versionType": "git"}, {"status": "affected", "version": "e43dd2b1ec74", "lessThan": "406bfc04b01e", "versionType": "git"}, {"status": "affected", "version": "3a7c1661ae13", "lessThan": "546ceb1dfdac", "versionType": "git"}], "programFiles": ["net/bridge/br_mst.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "6.1.93", "lessThan": "6.1.95", "versionType": "custom"}, {"status": "affected", "version": "6.6.33", "lessThan": "6.6.35", "versionType": "custom"}, {"status": "affected", "version": "6.9.3", "lessThan": "6.9.6", "versionType": "custom"}], "programFiles": ["net/bridge/br_mst.c"], "defaultStatus": "unaffected"}], "references": [{"url": "https://git.kernel.org/stable/c/caaa2129784a04dcade0ea92c12e6ff90bbd23d8"}, {"url": "https://git.kernel.org/stable/c/7caefa2771722e65496d85b62e1dc4442b7d1345"}, {"url": "https://git.kernel.org/stable/c/406bfc04b01ee47e4c626f77ecc7d9f85135b166"}, {"url": "https://git.kernel.org/stable/c/546ceb1dfdac866648ec959cbc71d9525bd73462"}], "x_generator": {"engine": "bippy-c9c4e1df01b2"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: bridge: mst: fix suspicious rcu usage in br_mst_set_state\n\nI converted br_mst_set_state to RCU to avoid a vlan use-after-free\nbut forgot to change the vlan group dereference helper. Switch to vlan\ngroup RCU deref helper to fix the suspicious rcu usage warning."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-07-15T06:51:28.925Z"}}}, "cveMetadata": {"cveId": "CVE-2024-40920", "state": "PUBLISHED", "dateUpdated": "2024-09-11T17:33:03.619Z", "dateReserved": "2024-07-12T12:17:45.582Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-07-12T12:25:02.222Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "12D7386D-25E8-40A5-B960-F1289E3EB949", "versionEndExcluding": "6.1.95", "versionStartIncluding": "6.1.93", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "AB52DAFF-C60A-4A6B-AF37-0991CBCE7C93", "versionEndExcluding": "6.6.35", "versionStartIncluding": "6.6.33", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "A2D25EF8-8B93-4187-9555-F83C6F1ECA47", "versionEndExcluding": "6.9", "versionStartIncluding": "6.8.12", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "B88D7AAA-B04F-4917-8190-1583726FE2B2", "versionEndExcluding": "6.9.6", "versionStartIncluding": "6.9.3", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc1:*:*:*:*:*:*", "matchCriteriaId": "2EBB4392-5FA6-4DA9-9772-8F9C750109FA", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc2:*:*:*:*:*:*", "matchCriteriaId": "331C2F14-12C7-45D5-893D-8C52EE38EA10", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc3:*:*:*:*:*:*", "matchCriteriaId": "3173713D-909A-4DD3-9DD4-1E171EB057EE", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: bridge: mst: fix suspicious rcu usage in br_mst_set_state\n\nI converted br_mst_set_state to RCU to avoid a vlan use-after-free\nbut forgot to change the vlan group dereference helper. Switch to vlan\ngroup RCU deref helper to fix the suspicious rcu usage warning."}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: net: bridge: mst: corrige el uso sospechoso de rcu en br_mst_set_state Convert\u00ed br_mst_set_state a RCU para evitar un use-after-free de VLAN, pero olvid\u00e9 cambiar el asistente de desreferencia del grupo VLAN. Cambie al asistente deref de RCU del grupo vlan para corregir la advertencia de uso sospechoso de rcu."}], "id": "CVE-2024-40920", "lastModified": "2025-09-17T15:40:24.303", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-07-12T13:15:15.003", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/406bfc04b01ee47e4c626f77ecc7d9f85135b166"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/546ceb1dfdac866648ec959cbc71d9525bd73462"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/7caefa2771722e65496d85b62e1dc4442b7d1345"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/caaa2129784a04dcade0ea92c12e6ff90bbd23d8"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/406bfc04b01ee47e4c626f77ecc7d9f85135b166"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/546ceb1dfdac866648ec959cbc71d9525bd73462"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/7caefa2771722e65496d85b62e1dc4442b7d1345"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/caaa2129784a04dcade0ea92c12e6ff90bbd23d8"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: net: bridge: mst: fix suspicious rcu usage in br_mst_set_state", "id": "2297504", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2297504"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-416", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nnet: bridge: mst: fix suspicious rcu usage in br_mst_set_state\nI converted br_mst_set_state to RCU to avoid a vlan use-after-free\nbut forgot to change the vlan group dereference helper. Switch to vlan\ngroup RCU deref helper to fix the suspicious rcu usage warning.", "A vulnerability was found in the Linux kernel's bridge subsystem, related to Multiple Spanning Tree (MST). The `br_mst_set_state` function was converted to use RCU to prevent a VLAN use-after-free, but fails to update the VLAN group dereference helper. This leads to warnings about improper RCU usage."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-40920", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-07-12T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-40920\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-40920\nhttps://lore.kernel.org/linux-cve-announce/2024071212-CVE-2024-40920-c766@gregkh/T"], "statement": "Red Hat Enterprise Linux is not vulnerable to this CVE, as it does not affect the versions or configurations of the Linux kernel used in its distributions.", "threat_severity": "Moderate"}