7.1

CVE-2024-42132

bluetooth/hci: disallow setting handle bigger than HCI_CONN_HANDLE_MAX

In the Linux kernel, the following vulnerability has been resolved:

bluetooth/hci: disallow setting handle bigger than HCI_CONN_HANDLE_MAX

Syzbot hit warning in hci_conn_del() caused by freeing handle that was
not allocated using ida allocator.

This is caused by handle bigger than HCI_CONN_HANDLE_MAX passed by
hci_le_big_sync_established_evt(), which makes code think it's unset
connection.

Add same check for handle upper bound as in hci_conn_set_handle() to
prevent warning.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 6.5.12 < 6.6
LinuxLinux Kernel Version >= 6.6.2 < 6.6.39
LinuxLinux Kernel Version >= 6.7 < 6.9.9
LinuxLinux Kernel Version6.10 Updaterc1
LinuxLinux Kernel Version6.10 Updaterc2
LinuxLinux Kernel Version6.10 Updaterc3
LinuxLinux Kernel Version6.10 Updaterc4
LinuxLinux Kernel Version6.10 Updaterc5
LinuxLinux Kernel Version6.10 Updaterc6
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.23% 0.13
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.1 1.8 5.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
CWE-763 Release of Invalid Pointer or Reference

The product attempts to return a memory resource to the system, but it calls the wrong release function or calls the appropriate release function incorrectly.

https://git.kernel.org/stable/c/1cc18c2ab2e8c54c355ea7c0423a636e415a0c23
Patch
https://git.kernel.org/stable/c/4970e48f83dbd21d2a6a7cdaaafc2a71f7f45dc4
Patch
https://git.kernel.org/stable/c/d311036696fed778301d08a71a4bef737b86d8c5
Patch