Bug 1227784 (CVE-2024-40921) - VUL-0: CVE-2024-40921: kernel: net: bridge: mst: pass vlan group directly to br_mst_vlan_set_state
Status: NEW
Alias: CVE-2024-40921
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Michal Kubeček
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/413848/
Whiteboard: CVSSv3.1:SUSE:CVE-2024-40921:5.5:(AV:...
Keywords:
Depends on: CVE-2024-36979
Blocks:
Reported: 2024-07-15 11:26 UTC by SMASH SMASH
Modified: 2024-07-16 14:17 UTC

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Description SMASH SMASH 2024-07-15 11:26:23 UTC
In the Linux kernel, the following vulnerability has been resolved:

net: bridge: mst: pass vlan group directly to br_mst_vlan_set_state

Pass the already obtained vlan group pointer to br_mst_vlan_set_state()
instead of dereferencing it again. Each caller has already correctly
dereferenced it for their context. This change is required for the
following suspicious RCU dereference fix. No functional changes
intended.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-40921
https://www.cve.org/CVERecord?id=CVE-2024-40921
https://git.kernel.org/stable/c/09f4337c27f5bdeb8646a6db91488cc2f7d537ff
https://git.kernel.org/stable/c/36c92936e868601fa1f43da6758cf55805043509
https://git.kernel.org/stable/c/a6cc9e9a651b9861efa068c164ee62dfba68c6ca
https://git.kernel.org/stable/c/d2dc02775fc0c4eacaee833a0637e5958884a8e5
https://git.kernel.org/pub/scm/linux/security/vulns.git/plain/cve/published/2024/CVE-2024-40921.mbox