CVE-2024-40920 - OpenCVE

In the Linux kernel, the following vulnerability has been resolved: net: bridge: mst: fix suspicious rcu usage in br_mst_set_state I converted br_mst_set_state to RCU to avoid a vlan use-after-free but forgot to change the vlan group dereference helper. Switch to vlan group RCU deref helper to fix the suspicious rcu usage warning.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

References

Link	Providers
https://git.kernel.org/stable/c/406bfc04b01ee47e4c626f77ecc7d9f85135b166
https://git.kernel.org/stable/c/546ceb1dfdac866648ec959cbc71d9525bd73462
https://git.kernel.org/stable/c/7caefa2771722e65496d85b62e1dc4442b7d1345
https://git.kernel.org/stable/c/caaa2129784a04dcade0ea92c12e6ff90bbd23d8
https://lore.kernel.org/linux-cve-announce/2024071212-CVE-2024-40920-c766@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2024-40920
https://www.cve.org/CVERecord?id=CVE-2024-40920

History

Thu, 12 Sep 2024 20:30:00 +0000

Type	Values Removed	Values Added
Metrics	ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 11 Sep 2024 13:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-07-12T12:25:02.222Z

Updated: 2024-11-05T09:33:10.392Z

Reserved: 2024-07-12T12:17:45.582Z

Link: CVE-2024-40920

Vulnrichment

Updated: 2024-08-02T04:39:55.750Z

NVD

Status : Awaiting Analysis

Published: 2024-07-12T13:15:15.003

Modified: 2024-07-12T16:34:58.687

Link: CVE-2024-40920

Redhat

Severity : Moderate

Publid Date: 2024-07-12T00:00:00Z

Links: CVE-2024-40920 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-40920", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-07-12T12:17:45.582Z", "datePublished": "2024-07-12T12:25:02.222Z", "dateUpdated": "2024-11-05T09:33:10.392Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-05T09:33:10.392Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: bridge: mst: fix suspicious rcu usage in br_mst_set_state\n\nI converted br_mst_set_state to RCU to avoid a vlan use-after-free\nbut forgot to change the vlan group dereference helper. Switch to vlan\ngroup RCU deref helper to fix the suspicious rcu usage warning."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/bridge/br_mst.c"], "versions": [{"version": "8ca9a750fc71", "lessThan": "caaa2129784a", "status": "affected", "versionType": "git"}, {"version": "4488617e5e99", "lessThan": "7caefa277172", "status": "affected", "versionType": "git"}, {"version": "e43dd2b1ec74", "lessThan": "406bfc04b01e", "status": "affected", "versionType": "git"}, {"version": "3a7c1661ae13", "lessThan": "546ceb1dfdac", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/bridge/br_mst.c"], "versions": [{"version": "6.1.93", "lessThan": "6.1.95", "status": "affected", "versionType": "semver"}, {"version": "6.6.33", "lessThan": "6.6.35", "status": "affected", "versionType": "semver"}, {"version": "6.9.3", "lessThan": "6.9.6", "status": "affected", "versionType": "semver"}]}], "references": [{"url": "https://git.kernel.org/stable/c/caaa2129784a04dcade0ea92c12e6ff90bbd23d8"}, {"url": "https://git.kernel.org/stable/c/7caefa2771722e65496d85b62e1dc4442b7d1345"}, {"url": "https://git.kernel.org/stable/c/406bfc04b01ee47e4c626f77ecc7d9f85135b166"}, {"url": "https://git.kernel.org/stable/c/546ceb1dfdac866648ec959cbc71d9525bd73462"}], "title": "net: bridge: mst: fix suspicious rcu usage in br_mst_set_state", "x_generator": {"engine": "bippy-9e1c9544281a"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:39:55.750Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/caaa2129784a04dcade0ea92c12e6ff90bbd23d8", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/7caefa2771722e65496d85b62e1dc4442b7d1345", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/406bfc04b01ee47e4c626f77ecc7d9f85135b166", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/546ceb1dfdac866648ec959cbc71d9525bd73462", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-40920", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T17:05:33.673278Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T17:33:03.619Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/caaa2129784a04dcade0ea92c12e6ff90bbd23d8", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/7caefa2771722e65496d85b62e1dc4442b7d1345", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/406bfc04b01ee47e4c626f77ecc7d9f85135b166", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/546ceb1dfdac866648ec959cbc71d9525bd73462", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:39:55.750Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-40920", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T17:05:33.673278Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T12:42:14.304Z"}}], "cna": {"title": "net: bridge: mst: fix suspicious rcu usage in br_mst_set_state", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "8ca9a750fc71", "lessThan": "caaa2129784a", "versionType": "git"}, {"status": "affected", "version": "4488617e5e99", "lessThan": "7caefa277172", "versionType": "git"}, {"status": "affected", "version": "e43dd2b1ec74", "lessThan": "406bfc04b01e", "versionType": "git"}, {"status": "affected", "version": "3a7c1661ae13", "lessThan": "546ceb1dfdac", "versionType": "git"}], "programFiles": ["net/bridge/br_mst.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "6.1.93", "lessThan": "6.1.95", "versionType": "custom"}, {"status": "affected", "version": "6.6.33", "lessThan": "6.6.35", "versionType": "custom"}, {"status": "affected", "version": "6.9.3", "lessThan": "6.9.6", "versionType": "custom"}], "programFiles": ["net/bridge/br_mst.c"], "defaultStatus": "unaffected"}], "references": [{"url": "https://git.kernel.org/stable/c/caaa2129784a04dcade0ea92c12e6ff90bbd23d8"}, {"url": "https://git.kernel.org/stable/c/7caefa2771722e65496d85b62e1dc4442b7d1345"}, {"url": "https://git.kernel.org/stable/c/406bfc04b01ee47e4c626f77ecc7d9f85135b166"}, {"url": "https://git.kernel.org/stable/c/546ceb1dfdac866648ec959cbc71d9525bd73462"}], "x_generator": {"engine": "bippy-c9c4e1df01b2"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: bridge: mst: fix suspicious rcu usage in br_mst_set_state\n\nI converted br_mst_set_state to RCU to avoid a vlan use-after-free\nbut forgot to change the vlan group dereference helper. Switch to vlan\ngroup RCU deref helper to fix the suspicious rcu usage warning."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-07-15T06:51:28.925Z"}}}, "cveMetadata": {"cveId": "CVE-2024-40920", "state": "PUBLISHED", "dateUpdated": "2024-09-11T17:33:03.619Z", "dateReserved": "2024-07-12T12:17:45.582Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-07-12T12:25:02.222Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"bugzilla": {"description": "kernel: net: bridge: mst: fix suspicious rcu usage in br_mst_set_state", "id": "2297504", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2297504"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-416", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nnet: bridge: mst: fix suspicious rcu usage in br_mst_set_state\nI converted br_mst_set_state to RCU to avoid a vlan use-after-free\nbut forgot to change the vlan group dereference helper. Switch to vlan\ngroup RCU deref helper to fix the suspicious rcu usage warning.", "A vulnerability was found in the Linux kernel's bridge subsystem, related to Multiple Spanning Tree (MST). The `br_mst_set_state` function was converted to use RCU to prevent a VLAN use-after-free, but fails to update the VLAN group dereference helper. This leads to warnings about improper RCU usage."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-40920", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-07-12T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-40920\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-40920\nhttps://lore.kernel.org/linux-cve-announce/2024071212-CVE-2024-40920-c766@gregkh/T"], "statement": "Red Hat Enterprise Linux is not vulnerable to this CVE, as it does not affect the versions or configurations of the Linux kernel used in its distributions.", "threat_severity": "Moderate", "upstream_fix": "kernel 6.1.95, kernel 6.6.35, kernel 6.9.6, kernel 6.10-rc4"}