CVE-2024-36012
Severity CVSS v4.0:
Pending analysis
Type:
CWE-416
Use After Free
Publication date:
23/05/2024
Last modified:
06/01/2025
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
Bluetooth: msft: fix slab-use-after-free in msft_do_close()<br />
<br />
Tying the msft->data lifetime to hdev by freeing it in<br />
hci_release_dev() to fix the following case:<br />
<br />
[use]<br />
msft_do_close()<br />
msft = hdev->msft_data;<br />
if (!msft) ...(1) filter_lock); ...(4) msft_data;<br />
hdev->msft_data = NULL; ...(2)<br />
kfree(msft); ...(3)
Impact
Base Score 3.x
7.80
Severity 3.x
HIGH
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.12 (including) | 6.1.91 (excluding) |
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.2 (including) | 6.6.31 (excluding) |
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.7 (including) | 6.8.10 (excluding) |
cpe:2.3:o:linux:linux_kernel:6.9:rc1:*:*:*:*:*:* | ||
cpe:2.3:o:linux:linux_kernel:6.9:rc2:*:*:*:*:*:* | ||
cpe:2.3:o:linux:linux_kernel:6.9:rc3:*:*:*:*:*:* | ||
cpe:2.3:o:linux:linux_kernel:6.9:rc4:*:*:*:*:*:* | ||
cpe:2.3:o:linux:linux_kernel:6.9:rc5:*:*:*:*:*:* | ||
cpe:2.3:o:linux:linux_kernel:6.9:rc6:*:*:*:*:*:* | ||
cpe:2.3:o:linux:linux_kernel:6.9:rc7:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/10f9f426ac6e752c8d87bf4346930ba347aaabac
- https://git.kernel.org/stable/c/4f1de02de07748da80a8178879bc7a1df37fdf56
- https://git.kernel.org/stable/c/a85a60e62355e3bf4802dead7938966824b23940
- https://git.kernel.org/stable/c/e3880b531b68f98d3941d83f2f6dd11cf4fd6b76
- https://git.kernel.org/stable/c/10f9f426ac6e752c8d87bf4346930ba347aaabac
- https://git.kernel.org/stable/c/4f1de02de07748da80a8178879bc7a1df37fdf56
- https://git.kernel.org/stable/c/a85a60e62355e3bf4802dead7938966824b23940
- https://git.kernel.org/stable/c/e3880b531b68f98d3941d83f2f6dd11cf4fd6b76