CVE-2024-36012

Severity CVSS v4.0:
Pending analysis
Type:
CWE-416 Use After Free
Publication date:
23/05/2024
Last modified:
06/01/2025

Description

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> Bluetooth: msft: fix slab-use-after-free in msft_do_close()<br /> <br /> Tying the msft-&gt;data lifetime to hdev by freeing it in<br /> hci_release_dev() to fix the following case:<br /> <br /> [use]<br /> msft_do_close()<br /> msft = hdev-&gt;msft_data;<br /> if (!msft) ...(1) filter_lock); ...(4) msft_data;<br /> hdev-&gt;msft_data = NULL; ...(2)<br /> kfree(msft); ...(3)

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.12 (including) 6.1.91 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.2 (including) 6.6.31 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.7 (including) 6.8.10 (excluding)
cpe:2.3:o:linux:linux_kernel:6.9:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.9:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.9:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.9:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.9:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.9:rc6:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.9:rc7:*:*:*:*:*:*