CVE-2024-40921

net: bridge: mst: pass vlan group directly to br_mst_vlan_set_state

Description

In the Linux kernel, the following vulnerability has been resolved: net: bridge: mst: pass vlan group directly to br_mst_vlan_set_state Pass the already obtained vlan group pointer to br_mst_vlan_set_state() instead of dereferencing it again. Each caller has already correctly dereferenced it for their context. This change is required for the following suspicious RCU dereference fix. No functional changes intended.

N/A

CVSS

Severity:

EPSS 0.12%

Affected: Linux Linux

References

Link	Tags
https://git.kernel.org/stable/c/09f4337c27f5bdeb8646a6db91488cc2f7d537ff
https://git.kernel.org/stable/c/a6cc9e9a651b9861efa068c164ee62dfba68c6ca
https://git.kernel.org/stable/c/d2dc02775fc0c4eacaee833a0637e5958884a8e5
https://git.kernel.org/stable/c/36c92936e868601fa1f43da6758cf55805043509

Frequently Asked Questions

What is the severity of CVE-2024-40921?: CVE-2024-40921 has not yet been assigned a CVSS score.
How to fix CVE-2024-40921?: To fix CVE-2024-40921, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-40921 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2024-40921 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-40921?: CVE-2024-40921 affects Linux Linux, Linux Linux.

This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.