CVE-2024-40921Resource Injection in Linux

CWE-99Resource Injection19 documents6 sources
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 94.45%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
LinuxLinux KernelDebian Linux+1 more
Timeline
PublishedJul 12
Latest updateSep 23

Description

In the Linux kernel, the following vulnerability has been resolved: net: bridge: mst: pass vlan group directly to br_mst_vlan_set_state Pass the already obtained vlan group pointer to br_mst_vlan_set_state() instead of dereferencing it again. Each caller has already correctly dereferenced it for their context. This change is required for the following suspicious RCU dereference fix. No functional changes intended.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages6 packages

NVDlinux/linux_kernel6.1.936.1.95+4
Debianlinux/linux_kernel< 6.1.99-1+2
Ubuntulinux/linux_kernel< 6.8.0-44.44
CVEListV5linux/linux8ca9a750fc711911ef616ceb627d07357b04545e09f4337c27f5bdeb8646a6db91488cc2f7d537ff+7
debiandebian/linux< linux 6.1.99-1 (bookworm)

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

9
OSV
linux-hwe-6.82024-09-23
OSV
linux-raspi vulnerabilities2024-09-23
OSV
linux-lowlatency-hwe-6.8 vulnerabilities2024-09-13
OSV
linux-nvidia-6.8 vulnerabilities2024-09-13
OSV
linux-nvidia, linux-nvidia-lowlatency vulnerabilities2024-09-12

📋Vendor Advisories

9
Ubuntu
Linux kernel vulnerabilities2024-09-23
Ubuntu
Linux kernel vulnerabilities2024-09-23
Ubuntu
Linux kernel vulnerabilities2024-09-13
Ubuntu
Linux kernel vulnerabilities2024-09-13
Ubuntu
Linux kernel vulnerabilities2024-09-12