CVE-2024-40920
📋 TL;DR
This CVE addresses a use-after-free vulnerability in the Linux kernel's bridge Multiple Spanning Tree (MST) implementation. The flaw occurs when improper RCU (Read-Copy-Update) handling in br_mst_set_state could lead to memory corruption. Systems running affected Linux kernel versions with bridge networking and MST enabled are vulnerable.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Kernel panic, system crash, or potential privilege escalation leading to full system compromise.
Likely Case
System instability, crashes, or denial of service affecting network connectivity.
If Mitigated
Minimal impact if MST is disabled or systems are not using bridge networking.
🎯 Exploit Status
Exploitation requires local network access and specific bridge/MST configuration. The vulnerability was discovered through code analysis and fixed proactively.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions containing commits: 406bfc04b01ee47e4c626f77ecc7d9f85135b166, 546ceb1dfdac866648ec959cbc71d9525bd73462, 7caefa2771722e65496d85b62e1dc4442b7d1345, caaa2129784a04dcade0ea92c12e6ff90bbd23d8
Vendor Advisory: https://git.kernel.org/stable/c/406bfc04b01ee47e4c626f77ecc7d9f85135b166
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version from your distribution's repositories.
2. Reboot system to load new kernel.
3. Verify kernel version after reboot.
🔧 Temporary Workarounds
Disable MST on bridge interfaces
Disable Multiple Spanning Tree protocol on bridge interfaces if not required
bridge mst set dev <bridge_name> mst 0 disable
Disable bridge networking
Remove or disable bridge interfaces if not needed
ip link set <bridge_name> down
ip link delete <bridge_name>
🧯 If You Can't Patch
- Disable MST protocol on all bridge interfaces
- Implement network segmentation to limit bridge interface exposure
🔍 How to Verify
Check if Vulnerable:
Check if bridge interfaces have MST enabled: 'bridge mst show' and verify kernel version against patched commits
Check Version:
uname -r
Verify Fix Applied:
Verify kernel version includes the fix commits and test bridge/MST functionality
📡 Detection & Monitoring
Log Indicators:
- Kernel panic logs
- RCU warnings in dmesg
- Bridge/MST related crashes
Network Indicators:
- Unexpected bridge interface failures
- MST protocol anomalies
SIEM Query:
source="kernel" AND ("RCU" OR "use-after-free" OR "bridge" OR "mst")
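The query above matches any kernel line containing "bridge" or "mst", including routine port state messages. The following added example (not from the advisory or the kernel project) reports only an RCU warning, KASAN use-after-free report or panic that has a `br_mst_*` symbol within a few lines; the function names and the sample log are constructed for illustration, and the matched strings are the standard lockdep and KASAN report headers.

```shell
# Constructed sample kernel log (not captured from a real system).
sample_klog() {
cat <<'EOF'
[  812.104533] =============================
[  812.104540] WARNING: suspicious RCU usage
[  812.104602] Call Trace:
[  812.104640]  br_mst_set_state+0x1a/0x90 [bridge]
[  900.000001] br0: port 1(veth0) entered forwarding state
[ 1200.500000] rcu: INFO: rcu_sched self-detected stall on CPU
[ 1500.000010] BUG: KASAN: slab-use-after-free in example_other_fn+0x10/0x40
[ 1500.000020]  example_other_fn+0x10/0x40
[ 1733.250000] BUG: KASAN: slab-use-after-free in br_mst_set_state+0x2c/0x90 [bridge]
EOF
}

# Reads kernel log text on stdin. Each indicator line opens an incident; the
# incident is reported once, at the first br_mst_* symbol seen on that line or
# within `window` following lines (first argument, default 15).
# Output per finding: <indicator line number> <indicator kind> <symbol>
scan_bridge_mst_klog() {
    awk -v window="${1:-15}" '
    function kind(line) {
        if (line ~ /KASAN: .*use-after-free/) return "kasan-uaf"
        if (line ~ /suspicious RCU usage/)    return "rcu-warning"
        if (line ~ /Kernel panic/)            return "panic"
        return ""
    }
    {
        k = kind($0)
        if (k != "") { pending = k; start = NR; reported = 0 }
        # Correlate the open incident with a bridge MST symbol in the trace.
        if (pending != "" && !reported && NR - start <= window &&
            match($0, /br_mst_[a-z_]+/)) {
            printf "%d %s %s\n", start, pending, substr($0, RSTART, RLENGTH)
            reported = 1
        }
    }'
}

# Stand-alone run over the constructed sample; on a host, pipe `dmesg` or
# `journalctl -k` output into scan_bridge_mst_klog instead.
sample_klog | scan_bridge_mst_klog
```

The port state message, the RCU stall notice and the KASAN report in an unrelated function are all ignored, although each would match the broad query.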
🔗 References
- https://git.kernel.org/stable/c/406bfc04b01ee47e4c626f77ecc7d9f85135b166
- https://git.kernel.org/stable/c/546ceb1dfdac866648ec959cbc71d9525bd73462
- https://git.kernel.org/stable/c/7caefa2771722e65496d85b62e1dc4442b7d1345
- https://git.kernel.org/stable/c/caaa2129784a04dcade0ea92c12e6ff90bbd23d8
- https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html