7.1

CVE-2024-35967

Bluetooth: SCO: Fix not validating setsockopt user input

In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: SCO: Fix not validating setsockopt user input

syzbot reported sco_sock_setsockopt() is copying data without
checking user input length.

BUG: KASAN: slab-out-of-bounds in copy_from_sockptr_offset
include/linux/sockptr.h:49 [inline]
BUG: KASAN: slab-out-of-bounds in copy_from_sockptr
include/linux/sockptr.h:55 [inline]
BUG: KASAN: slab-out-of-bounds in sco_sock_setsockopt+0xc0b/0xf90
net/bluetooth/sco.c:893
Read of size 4 at addr ffff88805f7b15a3 by task syz-executor.5/12578
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 3.8 < 5.10.216
LinuxLinux Kernel Version >= 5.11 < 5.15.178
LinuxLinux Kernel Version >= 5.16 < 6.1.87
LinuxLinux Kernel Version >= 6.2 < 6.6.28
LinuxLinux Kernel Version >= 6.7 < 6.8.7
LinuxLinux Kernel Version6.9 Updaterc1
LinuxLinux Kernel Version6.9 Updaterc2
LinuxLinux Kernel Version6.9 Updaterc3
DebianDebian Linux Version10.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.24% 0.144
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.1 1.8 5.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
Third Party Advisory
https://git.kernel.org/stable/c/2c2dc87cdebef3fe3b9d7a711a984c70e376e32e
Patch
https://git.kernel.org/stable/c/419a0ffca7010216f0fc265b08558d7394fa0ba7
Patch
https://git.kernel.org/stable/c/51eda36d33e43201e7a4fd35232e069b2c850b01
Patch
https://git.kernel.org/stable/c/72473db90900da970a16ee50ad23c2c38d107d8c
Patch
https://git.kernel.org/stable/c/7bc65d23ba20dcd7ecc094a12c181e594e5eb315
Patch
https://git.kernel.org/stable/c/b0e30c37695b614bee69187f86eaf250e36606ce
Patch
https://cert-portal.siemens.com/productcert/html/ssa-265688.html