Description

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix possible crash on mgmt_index_removed If mgmt_index_removed is called while there are commands queued on cmd_sync it could lead to crashes like the bellow trace: 0x0000053D: __list_del_entry_valid_or_report+0x98/0xdc 0x0000053D: mgmt_pending_remove+0x18/0x58 [bluetooth] 0x0000053E: mgmt_remove_adv_monitor_complete+0x80/0x108 [bluetooth] 0x0000053E: hci_cmd_sync_work+0xbc/0x164 [bluetooth] So while handling mgmt_index_removed this attempts to dequeue commands passed as user_data to cmd_sync.

INFO

Published Date :

2024-10-21T18:02:07.055Z

Last Modified :

2025-11-03T20:42:19.292Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2024-49951 vulnerability.

Vendors Products
Linux
  • Linux Kernel
Redhat
  • Enterprise Linux
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-49951.

URL Resource
https://git.kernel.org/stable/c/0cc47233af35fb5f10b5e6a027cb4ccd480caf9a cve-icon cve-icon
https://git.kernel.org/stable/c/19b40ca62607cef78369549d1af091f2fd558931 cve-icon cve-icon
https://git.kernel.org/stable/c/4883296505aa7e4863c6869b689afb6005633b23 cve-icon cve-icon
https://git.kernel.org/stable/c/8c3f7943a29145d8a2d8e24893762f7673323eae cve-icon cve-icon
https://git.kernel.org/stable/c/f53e1c9c726d83092167f2226f32bd3b73f26c21 cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html cve-icon
https://lore.kernel.org/linux-cve-announce/2024102130-CVE-2024-49951-a620@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2024-49951 cve-icon
https://www.cve.org/CVERecord?id=CVE-2024-49951 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact