Description

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: msft: fix slab-use-after-free in msft_do_close() Tying the msft->data lifetime to hdev by freeing it in hci_release_dev() to fix the following case: [use] msft_do_close() msft = hdev->msft_data; if (!msft) ...(1) <- passed. return; mutex_lock(&msft->filter_lock); ...(4) <- used after freed. [free] msft_unregister() msft = hdev->msft_data; hdev->msft_data = NULL; ...(2) kfree(msft); ...(3) <- msft is freed. ================================================================== BUG: KASAN: slab-use-after-free in __mutex_lock_common kernel/locking/mutex.c:587 [inline] BUG: KASAN: slab-use-after-free in __mutex_lock+0x8f/0xc30 kernel/locking/mutex.c:752 Read of size 8 at addr ffff888106cbbca8 by task kworker/u5:2/309

INFO

Published Date :

2024-05-23T07:03:06.904Z

Last Modified :

2025-05-04T09:10:28.848Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2024-36012 vulnerability.

Vendors Products
Linux
  • Linux Kernel
Redhat
  • Enterprise Linux
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-36012.

URL Resource
https://git.kernel.org/stable/c/10f9f426ac6e752c8d87bf4346930ba347aaabac cve-icon cve-icon
https://git.kernel.org/stable/c/4f1de02de07748da80a8178879bc7a1df37fdf56 cve-icon cve-icon
https://git.kernel.org/stable/c/a85a60e62355e3bf4802dead7938966824b23940 cve-icon cve-icon
https://git.kernel.org/stable/c/e3880b531b68f98d3941d83f2f6dd11cf4fd6b76 cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2024052314-CVE-2024-36012-3062@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2024-36012 cve-icon
https://www.cve.org/CVERecord?id=CVE-2024-36012 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact