PT-2024-9774 · Linux+5 · Linux Kernel+5

Published

2024-06-09

Updated

2025-02-03

CVE-2024-40920

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)

Description: The issue is related to suspicious RCU usage in the br mst set state function, which could lead to a use-after-free error. This was caused by converting br mst set state to RCU without changing the vlan group dereference helper. The problem is fixed by switching to the vlan group RCU deref helper. An attacker could potentially exploit this issue to elevate privileges in the system.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

BDU:2024-11520

CVE-2024-40920

DLA-4008-1

DSA-5731-1

OESA-2024-1960

OPENSUSE-SU-2025_0255-1

OPENSUSE-SU-2025_0262-1

OPENSUSE-SU-2025_0263-1

OPENSUSE-SU-2025_0265-1

SUSE-SU-2024:3194-1

SUSE-SU-2024:3195-1

SUSE-SU-2024:3383-1

SUSE-SU-2025:0255-1

SUSE-SU-2025:0262-1

SUSE-SU-2025:0263-1

SUSE-SU-2025:0265-1

SUSE-SU-2025:0268-1

SUSE-SU-2025:0269-1

SUSE-SU-2025:20044-1

SUSE-SU-2025:20047-1

USN-6999-1

USN-6999-2

USN-7004-1

USN-7005-1

USN-7005-2

USN-7008-1

USN-7029-1

Affected Products

Astra Linux

Linuxmint

Linux Kernel

Red Os

Suse

Ubuntu

PT-2024-9774 · Linux+5 · Linux Kernel+5

CVE-2024-40920

Weakness Enumeration

Related Identifiers

Affected Products

References · 1277