CVE-2024-40921

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-40921

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-40921.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-40921

Downstream

DEBIAN-CVE-2024-40921

DLA-4008-1

DSA-5731-1

OESA-2024-1960

SUSE-SU-2024:3194-1

SUSE-SU-2024:3195-1

SUSE-SU-2024:3383-1

SUSE-SU-2025:0255-1

SUSE-SU-2025:0262-1

SUSE-SU-2025:0263-1

SUSE-SU-2025:0265-1

SUSE-SU-2025:0268-1

SUSE-SU-2025:0269-1

UBUNTU-CVE-2024-40921

USN-6999-1

USN-6999-2

USN-7004-1

USN-7005-1

USN-7005-2

USN-7008-1

USN-7029-1

Related

Published

2024-07-12T13:15:15Z

Modified

2025-09-17T15:44:50Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved:

net: bridge: mst: pass vlan group directly to brmstvlansetstate

Pass the already obtained vlan group pointer to brmstvlansetstate() instead of dereferencing it again. Each caller has already correctly dereferenced it for their context. This change is required for the following suspicious RCU dereference fix. No functional changes intended.

References

Affected packages