cve-2024-36968
Vulnerability from cvelistv5
Published
2024-06-08 12:53
Modified
2024-11-05 09:29
Severity: no CVSS score in the CNA container; see the NVD CVSS v3.1 assessment in the record's meta.nvd field
Summary
Bluetooth: L2CAP: Fix div-by-zero in l2cap_le_flowctl_init()
Impacted products
Vendor: Linux, Product: Linux
Vendor: Linux, Product: Linux


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-36968",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-12T14:43:17.673959Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-12T14:43:45.857Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:43:50.479Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ad3f7986c5a0f82b8b66a0afe1cc1f5421e1d674"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/dfece2b4e3759759b2bdfac2cd6d0ee9fbf055f3"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/d2b2f7d3936dc5990549bc36ab7ac7ac37f22c30"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/4d3dbaa252257d20611c3647290e6171f1bbd6c8"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/a5b862c6a221459d54e494e88965b48dcfa6cc44"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "include/net/bluetooth/hci.h",
            "include/net/bluetooth/hci_core.h",
            "net/bluetooth/hci_conn.c",
            "net/bluetooth/hci_event.c",
            "net/bluetooth/iso.c",
            "net/bluetooth/l2cap_core.c",
            "net/bluetooth/sco.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "ad3f7986c5a0",
              "status": "affected",
              "version": "6ed58ec520ad",
              "versionType": "git"
            },
            {
              "lessThan": "dfece2b4e375",
              "status": "affected",
              "version": "6ed58ec520ad",
              "versionType": "git"
            },
            {
              "lessThan": "d2b2f7d3936d",
              "status": "affected",
              "version": "6ed58ec520ad",
              "versionType": "git"
            },
            {
              "lessThan": "4d3dbaa25225",
              "status": "affected",
              "version": "6ed58ec520ad",
              "versionType": "git"
            },
            {
              "lessThan": "a5b862c6a221",
              "status": "affected",
              "version": "6ed58ec520ad",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "include/net/bluetooth/hci.h",
            "include/net/bluetooth/hci_core.h",
            "net/bluetooth/hci_conn.c",
            "net/bluetooth/hci_event.c",
            "net/bluetooth/iso.c",
            "net/bluetooth/l2cap_core.c",
            "net/bluetooth/sco.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.39"
            },
            {
              "lessThan": "2.6.39",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.32",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.11",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: Fix div-by-zero in l2cap_le_flowctl_init()\n\nl2cap_le_flowctl_init() can cause both div-by-zero and an integer\noverflow since hdev-\u003ele_mtu may not fall in the valid range.\n\nMove MTU from hci_dev to hci_conn to validate MTU and stop the connection\nprocess earlier if MTU is invalid.\nAlso, add a missing validation in read_buffer_size() and make it return\nan error value if the validation fails.\nNow hci_conn_add() returns ERR_PTR() as it can fail due to the both a\nkzalloc failure and invalid MTU value.\n\ndivide error: 0000 [#1] PREEMPT SMP KASAN NOPTI\nCPU: 0 PID: 67 Comm: kworker/u5:0 Tainted: G        W          6.9.0-rc5+ #20\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\nWorkqueue: hci0 hci_rx_work\nRIP: 0010:l2cap_le_flowctl_init+0x19e/0x3f0 net/bluetooth/l2cap_core.c:547\nCode: e8 17 17 0c 00 66 41 89 9f 84 00 00 00 bf 01 00 00 00 41 b8 02 00 00 00 4c\n89 fe 4c 89 e2 89 d9 e8 27 17 0c 00 44 89 f0 31 d2 \u003c66\u003e f7 f3 89 c3 ff c3 4d 8d\nb7 88 00 00 00 4c 89 f0 48 c1 e8 03 42\nRSP: 0018:ffff88810bc0f858 EFLAGS: 00010246\nRAX: 00000000000002a0 RBX: 0000000000000000 RCX: dffffc0000000000\nRDX: 0000000000000000 RSI: ffff88810bc0f7c0 RDI: ffffc90002dcb66f\nRBP: ffff88810bc0f880 R08: aa69db2dda70ff01 R09: 0000ffaaaaaaaaaa\nR10: 0084000000ffaaaa R11: 0000000000000000 R12: ffff88810d65a084\nR13: dffffc0000000000 R14: 00000000000002a0 R15: ffff88810d65a000\nFS:  0000000000000000(0000) GS:ffff88811ac00000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000020000100 CR3: 0000000103268003 CR4: 0000000000770ef0\nPKRU: 55555554\nCall Trace:\n \u003cTASK\u003e\n l2cap_le_connect_req net/bluetooth/l2cap_core.c:4902 [inline]\n l2cap_le_sig_cmd net/bluetooth/l2cap_core.c:5420 [inline]\n l2cap_le_sig_channel net/bluetooth/l2cap_core.c:5486 [inline]\n 
l2cap_recv_frame+0xe59d/0x11710 net/bluetooth/l2cap_core.c:6809\n l2cap_recv_acldata+0x544/0x10a0 net/bluetooth/l2cap_core.c:7506\n hci_acldata_packet net/bluetooth/hci_core.c:3939 [inline]\n hci_rx_work+0x5e5/0xb20 net/bluetooth/hci_core.c:4176\n process_one_work kernel/workqueue.c:3254 [inline]\n process_scheduled_works+0x90f/0x1530 kernel/workqueue.c:3335\n worker_thread+0x926/0xe70 kernel/workqueue.c:3416\n kthread+0x2e3/0x380 kernel/kthread.c:388\n ret_from_fork+0x5c/0x90 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n \u003c/TASK\u003e\nModules linked in:\n---[ end trace 0000000000000000 ]---"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-05T09:29:01.263Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/ad3f7986c5a0f82b8b66a0afe1cc1f5421e1d674"
        },
        {
          "url": "https://git.kernel.org/stable/c/dfece2b4e3759759b2bdfac2cd6d0ee9fbf055f3"
        },
        {
          "url": "https://git.kernel.org/stable/c/d2b2f7d3936dc5990549bc36ab7ac7ac37f22c30"
        },
        {
          "url": "https://git.kernel.org/stable/c/4d3dbaa252257d20611c3647290e6171f1bbd6c8"
        },
        {
          "url": "https://git.kernel.org/stable/c/a5b862c6a221459d54e494e88965b48dcfa6cc44"
        }
      ],
      "title": "Bluetooth: L2CAP: Fix div-by-zero in l2cap_le_flowctl_init()",
      "x_generator": {
        "engine": "bippy-9e1c9544281a"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-36968",
    "datePublished": "2024-06-08T12:53:00.562Z",
    "dateReserved": "2024-05-30T15:25:07.081Z",
    "dateUpdated": "2024-11-05T09:29:01.263Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-36968\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-06-08T13:15:58.093\",\"lastModified\":\"2024-07-17T16:59:39.987\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nBluetooth: L2CAP: Fix div-by-zero in l2cap_le_flowctl_init()\\n\\nl2cap_le_flowctl_init() can cause both div-by-zero and an integer\\noverflow since hdev-\u003ele_mtu may not fall in the valid range.\\n\\nMove MTU from hci_dev to hci_conn to validate MTU and stop the connection\\nprocess earlier if MTU is invalid.\\nAlso, add a missing validation in read_buffer_size() and make it return\\nan error value if the validation fails.\\nNow hci_conn_add() returns ERR_PTR() as it can fail due to the both a\\nkzalloc failure and invalid MTU value.\\n\\ndivide error: 0000 [#1] PREEMPT SMP KASAN NOPTI\\nCPU: 0 PID: 67 Comm: kworker/u5:0 Tainted: G        W          6.9.0-rc5+ #20\\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\\nWorkqueue: hci0 hci_rx_work\\nRIP: 0010:l2cap_le_flowctl_init+0x19e/0x3f0 net/bluetooth/l2cap_core.c:547\\nCode: e8 17 17 0c 00 66 41 89 9f 84 00 00 00 bf 01 00 00 00 41 b8 02 00 00 00 4c\\n89 fe 4c 89 e2 89 d9 e8 27 17 0c 00 44 89 f0 31 d2 \u003c66\u003e f7 f3 89 c3 ff c3 4d 8d\\nb7 88 00 00 00 4c 89 f0 48 c1 e8 03 42\\nRSP: 0018:ffff88810bc0f858 EFLAGS: 00010246\\nRAX: 00000000000002a0 RBX: 0000000000000000 RCX: dffffc0000000000\\nRDX: 0000000000000000 RSI: ffff88810bc0f7c0 RDI: ffffc90002dcb66f\\nRBP: ffff88810bc0f880 R08: aa69db2dda70ff01 R09: 0000ffaaaaaaaaaa\\nR10: 0084000000ffaaaa R11: 0000000000000000 R12: ffff88810d65a084\\nR13: dffffc0000000000 R14: 00000000000002a0 R15: ffff88810d65a000\\nFS:  0000000000000000(0000) GS:ffff88811ac00000(0000) knlGS:0000000000000000\\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\\nCR2: 0000000020000100 CR3: 
0000000103268003 CR4: 0000000000770ef0\\nPKRU: 55555554\\nCall Trace:\\n \u003cTASK\u003e\\n l2cap_le_connect_req net/bluetooth/l2cap_core.c:4902 [inline]\\n l2cap_le_sig_cmd net/bluetooth/l2cap_core.c:5420 [inline]\\n l2cap_le_sig_channel net/bluetooth/l2cap_core.c:5486 [inline]\\n l2cap_recv_frame+0xe59d/0x11710 net/bluetooth/l2cap_core.c:6809\\n l2cap_recv_acldata+0x544/0x10a0 net/bluetooth/l2cap_core.c:7506\\n hci_acldata_packet net/bluetooth/hci_core.c:3939 [inline]\\n hci_rx_work+0x5e5/0xb20 net/bluetooth/hci_core.c:4176\\n process_one_work kernel/workqueue.c:3254 [inline]\\n process_scheduled_works+0x90f/0x1530 kernel/workqueue.c:3335\\n worker_thread+0x926/0xe70 kernel/workqueue.c:3416\\n kthread+0x2e3/0x380 kernel/kthread.c:388\\n ret_from_fork+0x5c/0x90 arch/x86/kernel/process.c:147\\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\\n \u003c/TASK\u003e\\nModules linked in:\\n---[ end trace 0000000000000000 ]---\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: Bluetooth: L2CAP: corrige div-by-zero en l2cap_le_flowctl_init() l2cap_le_flowctl_init() puede causar tanto div-by-zero como un desbordamiento de enteros ya que hdev-\u0026gt;le_mtu puede no caer el rango v\u00e1lido. Mueva MTU de hci_dev a hci_conn para validar MTU y detener el proceso de conexi\u00f3n antes si MTU no es v\u00e1lido. Adem\u00e1s, agregue una validaci\u00f3n faltante en read_buffer_size() y haga que devuelva un valor de error si la validaci\u00f3n falla. Ahora hci_conn_add() devuelve ERR_PTR() ya que puede fallar debido a una falla de kzalloc y un valor de MTU no v\u00e1lido. 
error de divisi\u00f3n: 0000 [#1] PREEMPT SMP KASAN NOPTI CPU: 0 PID: 67 Comm: kworker/u5:0 Tainted: GW 6.9.0-rc5+ #20 Nombre de hardware: PC est\u00e1ndar QEMU (i440FX + PIIX, 1996), BIOS 1.15.0-1 01/04/2014 Cola de trabajo: hci0 hci_rx_work RIP: 0010:l2cap_le_flowctl_init+0x19e/0x3f0 net/bluetooth/l2cap_core.c:547 C\u00f3digo: e8 17 17 0c 00 66 41 89 9f 84 00 00 novio 01 00 00 00 41 b8 02 00 00 00 4c 89 fe 4c 89 e2 89 d9 e8 27 17 0c 00 44 89 f0 31 d2 \u0026lt;66\u0026gt; f7 f3 89 c3 ff c3 4d 8d b7 88 00 00 00 4c 89 f0 48 c1 e8 03 42 RSP: 0018:ffff88810bc0f858 EFLAGS: 00010246 RAX: 00000000000002a0 RBX: 0000000000000000 RCX: dffffc0000000000 RDX: 0000000000000000 RSI: 810bc0f7c0 RDI: ffffc90002dcb66f RBP: ffff88810bc0f880 R08: aa69db2dda70ff01 R09: 0000ffaaaaaaaaaa R10: 0084000000ffaaaa R11: 0000000000000000 R12 : ffff88810d65a084 R13: dffffc0000000000 R14: 00000000000002a0 R15: ffff88810d65a000 FS: 0000000000000000(0000) GS:ffff88811ac00000(0000) knlGS:00000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 50033 CR2: 0000000020000100 CR3: 0000000103268003 CR4: 0000000000770ef0 PKRU: 55555554 Seguimiento de llamadas:  l2cap_le_connect_req net /bluetooth/l2cap_core.c:4902 [en l\u00ednea] l2cap_le_sig_cmd net/bluetooth/l2cap_core.c:5420 [en l\u00ednea] l2cap_le_sig_channel net/bluetooth/l2cap_core.c:5486 [en l\u00ednea] l2cap_recv_frame+0xe59d/0x11710 net/bluetooth/l2cap_core.c: 6809 l2cap_recv_acldata+0x544/0x10a0 net/bluetooth/l2cap_core.c:7506 hci_acldata_packet net/bluetooth/hci_core.c:3939 [en l\u00ednea] hci_rx_work+0x5e5/0xb20 net/bluetooth/hci_core.c:4176 Process_one_work kernel/workqueue.c: 3254 [en l\u00ednea] Process_scheduled_works+0x90f/0x1530 kernel/workqueue.c:3335 trabajador_thread+0x926/0xe70 kernel/workqueue.c:3416 kthread+0x2e3/0x380 kernel/kthread.c:388 ret_from_fork+0x5c/0x90 arch/x86/kernel/ Process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244  M\u00f3dulos vinculados en: ---[ end trace 0000000000000000 
]---\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":2.0,\"impactScore\":4.0}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-190\"},{\"lang\":\"en\",\"value\":\"CWE-369\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.6.39\",\"versionEndExcluding\":\"6.6.32\",\"matchCriteriaId\":\"503F0681-1131-42FA-98C3-26C06727BBCC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.7\",\"versionEndExcluding\":\"6.8.11\",\"matchCriteriaId\":\"3B75CBAF-FD3C-40AE-85BB-0525E142C4C8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.9\",\"versionEndExcluding\":\"6.9.2\",\"matchCriteriaId\":\"197A592B-2A2B-4A2F-8856-22638007413E\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/4d3dbaa252257d20611c3647290e6171f1bbd6c8\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/a5b862c6a221459d54e494e88965b48dcfa6cc44\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/ad3f7986c5a0f82b8b66a0afe1cc1f5421e1d674\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/d2b2f7d3936dc5990549bc36ab7ac7ac37f22c3
0\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/dfece2b4e3759759b2bdfac2cd6d0ee9fbf055f3\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]}]}}"
  }
}


