cve-2024-36012
Vulnerability from cvelistv5
Published
2024-05-23 07:03
Modified
2024-11-05 09:26
Severity ?
EPSS score ?
Summary
Bluetooth: msft: fix slab-use-after-free in msft_do_close()
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36012",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-10T18:54:16.912662Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-10T18:54:24.668Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:30:12.508Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e3880b531b68f98d3941d83f2f6dd11cf4fd6b76"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a85a60e62355e3bf4802dead7938966824b23940"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4f1de02de07748da80a8178879bc7a1df37fdf56"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/10f9f426ac6e752c8d87bf4346930ba347aaabac"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/bluetooth/hci_core.c",
"net/bluetooth/msft.c",
"net/bluetooth/msft.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "e3880b531b68",
"status": "affected",
"version": "bf6a4e30ffbd",
"versionType": "git"
},
{
"lessThan": "a85a60e62355",
"status": "affected",
"version": "bf6a4e30ffbd",
"versionType": "git"
},
{
"lessThan": "4f1de02de077",
"status": "affected",
"version": "bf6a4e30ffbd",
"versionType": "git"
},
{
"lessThan": "10f9f426ac6e",
"status": "affected",
"version": "bf6a4e30ffbd",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/bluetooth/hci_core.c",
"net/bluetooth/msft.c",
"net/bluetooth/msft.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.12"
},
{
"lessThan": "5.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.91",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: msft: fix slab-use-after-free in msft_do_close()\n\nTying the msft-\u003edata lifetime to hdev by freeing it in\nhci_release_dev() to fix the following case:\n\n[use]\nmsft_do_close()\n msft = hdev-\u003emsft_data;\n if (!msft) ...(1) \u003c- passed.\n return;\n mutex_lock(\u0026msft-\u003efilter_lock); ...(4) \u003c- used after freed.\n\n[free]\nmsft_unregister()\n msft = hdev-\u003emsft_data;\n hdev-\u003emsft_data = NULL; ...(2)\n kfree(msft); ...(3) \u003c- msft is freed.\n\n==================================================================\nBUG: KASAN: slab-use-after-free in __mutex_lock_common\nkernel/locking/mutex.c:587 [inline]\nBUG: KASAN: slab-use-after-free in __mutex_lock+0x8f/0xc30\nkernel/locking/mutex.c:752\nRead of size 8 at addr ffff888106cbbca8 by task kworker/u5:2/309"
}
],
"providerMetadata": {
"dateUpdated": "2024-11-05T09:26:45.852Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/e3880b531b68f98d3941d83f2f6dd11cf4fd6b76"
},
{
"url": "https://git.kernel.org/stable/c/a85a60e62355e3bf4802dead7938966824b23940"
},
{
"url": "https://git.kernel.org/stable/c/4f1de02de07748da80a8178879bc7a1df37fdf56"
},
{
"url": "https://git.kernel.org/stable/c/10f9f426ac6e752c8d87bf4346930ba347aaabac"
}
],
"title": "Bluetooth: msft: fix slab-use-after-free in msft_do_close()",
"x_generator": {
"engine": "bippy-9e1c9544281a"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36012",
"datePublished": "2024-05-23T07:03:06.904Z",
"dateReserved": "2024-05-17T13:50:33.153Z",
"dateUpdated": "2024-11-05T09:26:45.852Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2024-36012\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-05-23T07:15:08.900\",\"lastModified\":\"2024-05-24T01:15:30.977\",\"vulnStatus\":\"Awaiting Analysis\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nBluetooth: msft: fix slab-use-after-free in msft_do_close()\\n\\nTying the msft-\u003edata lifetime to hdev by freeing it in\\nhci_release_dev() to fix the following case:\\n\\n[use]\\nmsft_do_close()\\n msft = hdev-\u003emsft_data;\\n if (!msft) ...(1) \u003c- passed.\\n return;\\n mutex_lock(\u0026msft-\u003efilter_lock); ...(4) \u003c- used after freed.\\n\\n[free]\\nmsft_unregister()\\n msft = hdev-\u003emsft_data;\\n hdev-\u003emsft_data = NULL; ...(2)\\n kfree(msft); ...(3) \u003c- msft is freed.\\n\\n==================================================================\\nBUG: KASAN: slab-use-after-free in __mutex_lock_common\\nkernel/locking/mutex.c:587 [inline]\\nBUG: KASAN: slab-use-after-free in __mutex_lock+0x8f/0xc30\\nkernel/locking/mutex.c:752\\nRead of size 8 at addr ffff888106cbbca8 by task kworker/u5:2/309\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: Bluetooth: msft: corrija slab-use-after-free en msft_do_close() Vinculando la vida \u00fatil de msft-\u0026gt;data a hdev liber\u00e1ndolo en hci_release_dev() para solucionar el siguiente caso: [usar] msft_do_close() msft = hdev-\u0026gt;msft_data; if (!msft) ...(1) \u0026lt;- aprobado. devolver; mutex_lock(\u0026amp;msft-\u0026gt;filter_lock); ...(4) \u0026lt;- usado despu\u00e9s de liberado. [gratis] msft_unregister() msft = hdev-\u0026gt;msft_data; hdev-\u0026gt;msft_data = NULL; ...(2) klibre(msft); ...(3) \u0026lt;- se libera msft. ==================================================== ================ ERROR: KASAN: slab-use-after-free en __mutex_lock_common kernel/locking/mutex.c:587 [en l\u00ednea] ERROR: KASAN: slab-use-after -free en __mutex_lock+0x8f/0xc30 kernel/locking/mutex.c:752 Lectura de tama\u00f1o 8 en addr ffff888106cbbca8 por tarea kworker/u5:2/309\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/10f9f426ac6e752c8d87bf4346930ba347aaabac\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/4f1de02de07748da80a8178879bc7a1df37fdf56\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/a85a60e62355e3bf4802dead7938966824b23940\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/e3880b531b68f98d3941d83f2f6dd11cf4fd6b76\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
}
}
Loading...
Loading...
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.