CVE-2024-26886

EPSS 0.02%
Veröffentlicht 17.04.2024 11:15:10
Zuletzt bearbeitet 21.03.2025 14:33:44
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: af_bluetooth: Fix deadlock

Attemting to do sock_lock on .recvmsg may cause a deadlock as shown
bellow, so instead of using sock_sock this uses sk_receive_queue.lock
on bt_sock_ioctl to avoid the UAF:

INFO: task kworker/u9:1:121 blocked for more than 30 seconds.
      Not tainted 6.7.6-lemon #183
Workqueue: hci0 hci_rx_work
Call Trace:
 <TASK>
 __schedule+0x37d/0xa00
 schedule+0x32/0xe0
 __lock_sock+0x68/0xa0
 ? __pfx_autoremove_wake_function+0x10/0x10
 lock_sock_nested+0x43/0x50
 l2cap_sock_recv_cb+0x21/0xa0
 l2cap_recv_frame+0x55b/0x30a0
 ? psi_task_switch+0xeb/0x270
 ? finish_task_switch.isra.0+0x93/0x2a0
 hci_rx_work+0x33a/0x3f0
 process_one_work+0x13a/0x2f0
 worker_thread+0x2f0/0x410
 ? __pfx_worker_thread+0x10/0x10
 kthread+0xe0/0x110
 ? __pfx_kthread+0x10/0x10
 ret_from_fork+0x2c/0x50
 ? __pfx_kthread+0x10/0x10
 ret_from_fork_asm+0x1b/0x30
 </TASK>

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 8

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 5.10.206 < 5.11

Linux ≫ Linux Kernel Version >= 5.15.146 < 5.16

Linux ≫ Linux Kernel Version >= 6.1.70 < 6.1.83

Linux ≫ Linux Kernel Version >= 6.6.9 < 6.6.23

Linux ≫ Linux Kernel Version >= 6.7 < 6.7.11

Linux ≫ Linux Kernel Version >= 6.8 < 6.8.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.03

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	6.5	2.8	3.6	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

https://git.kernel.org/stable/c/2c9e2df022ef8b9d7fac58a04a2ef4ed25288955

Patch

https://git.kernel.org/stable/c/64be3c6154886200708da0dfe259705fb992416c

Patch

https://git.kernel.org/stable/c/817e8138ce86001b2fa5c63d6ede756e205a01f7

Patch

https://git.kernel.org/stable/c/f7b94bdc1ec107c92262716b073b3e816d4784fb

Patch

https://git.kernel.org/stable/c/cb8adca52f306563d958a863bb0cbae9c184d1ae

Patch

https://nvd.nist.gov/vuln/detail/CVE-2024-26886

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-26886

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-26886

EUVD