PT-2024-9771 · Linux+4 · Linux Kernel+4

Published

2024-06-09

Updated

2025-02-03

CVE-2024-40921

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)

Description: The issue is related to a null pointer dereference in the Linux kernel's mst component. Exploitation of this issue may allow an attacker to cause a denial of service. The vulnerability is resolved by passing the vlan group directly to the br mst vlan set state() function instead of dereferencing it again. Each caller has already correctly dereferenced it for their context. This change is required for a suspicious RCU dereference fix. No functional changes are intended.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

BDU:2024-11517

CVE-2024-40921

DLA-4008-1

DSA-5731-1

OESA-2024-1960

OPENSUSE-SU-2025_0255-1

OPENSUSE-SU-2025_0262-1

OPENSUSE-SU-2025_0263-1

OPENSUSE-SU-2025_0265-1

SUSE-SU-2024:3194-1

SUSE-SU-2024:3195-1

SUSE-SU-2024:3383-1

SUSE-SU-2025:0255-1

SUSE-SU-2025:0262-1

SUSE-SU-2025:0263-1

SUSE-SU-2025:0265-1

SUSE-SU-2025:0268-1

SUSE-SU-2025:0269-1

SUSE-SU-2025:20044-1

SUSE-SU-2025:20047-1

USN-6999-1

USN-6999-2

USN-7004-1

USN-7005-1

USN-7005-2

USN-7008-1

USN-7029-1

Affected Products

Linuxmint

Linux Kernel

Red Os

Suse

Ubuntu

PT-2024-9771 · Linux+4 · Linux Kernel+4

CVE-2024-40921

Weakness Enumeration

Related Identifiers

Affected Products

References · 1277