Informazioni sul CVE-2024-36013
Bluetooth: L2CAP: Fix slab-use-after-free in l2cap_connect()
CWE ID: N/A
Base Score (CVSS): N/A
CVE: CVE-2024-36013
Descrizione: Bluetooth: The Linux kernel has been resolved to fix a vulnerability. Specifically, the following issues were addressed: * **L2CAP:** A slab-use-after-free vulnerability was fixed in `l2cap_connect()`. * **Return Type:** The `l2cap_connect()` function is now void, which simplifies backporting for earlier kernels. * **Pointer Usage:** The return value of `l2cap_connect()` is now unused, so returning it could lead to problems. Returning it as void avoids this. * **Stack Trace:** The stack trace shows a potential use-after-free vulnerability within the `l2cap_connect()` function. The bug was identified in the following locations: * **`l2cap_bredr_sig_cmd`** * **`l2cap_connect`** * **`┌ mutex_lock(&conn->chan_lock);`** * **`│ chan = pchan->ops->new_connection(pchan); <- alloc chan`** * **`__l2cap_chan_add(conn, chan);`** * **`l2cap_chan_hold(chan);`** * **`list_add(&chan->list, &conn->chan_l);`** * **`mutex_unlock(&conn->chan_lock);`** * **`chan->conf_state`** * **`[free]`** * **`l2cap_conn_del`** * **`foreach chan in conn->chan_l:`** * **`l2cap_chan_put(chan);`** * **`l2cap_chan_destroy`** * **`kfree(chan)`** The code also contains a bug related to the `slab-use-after-free` vulnerability in `instrumented_read`.
Vettore di attacco
Punteggio CVSS
Il CVSS è un sistema di valutazione che misura la gravità di una vulnerabilità informatica considerando fattori come l’impatto potenziale, la probabilità di attacco e la facilità di esecuzione.
Riassunto: .
Dettaglio del Vettore
| Metrica | Valore | Significato | Descrizione |
|---|
Riferimenti esterni
- https://git.kernel.org/stable/c/cfe560c7050bfb37b0d2491bbe7cd8b59e77fdc5
- https://git.kernel.org/stable/c/826af9d2f69567c646ff46d10393d47e30ad23c6
- https://git.kernel.org/stable/c/4d7b41c0e43995b0e992b9f8903109275744b658
Prodotti interessati
- Linux – Linux
- Linux – Linux