7.8

CVE-2024-50125

Bluetooth: SCO: Fix UAF on sco_sock_timeout

In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: SCO: Fix UAF on sco_sock_timeout

conn->sk maybe have been unlinked/freed while waiting for sco_conn_lock
so this checks if the conn->sk is still valid by checking if it part of
sco_sk_list.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 5.15 < 6.1.115
LinuxLinux Kernel Version >= 6.2 < 6.6.59
LinuxLinux Kernel Version >= 6.7 < 6.11.6
LinuxLinux Kernel Version4.14.263
LinuxLinux Kernel Version4.19.207
LinuxLinux Kernel Version5.4.148
LinuxLinux Kernel Version5.10.67
LinuxLinux Kernel Version5.13.19
LinuxLinux Kernel Version5.14.6
LinuxLinux Kernel Version6.12 Updaterc1
LinuxLinux Kernel Version6.12 Updaterc2
LinuxLinux Kernel Version6.12 Updaterc3
LinuxLinux Kernel Version6.12 Updaterc4
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.23% 0.136
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

https://git.kernel.org/stable/c/1bf4470a3939c678fb822073e9ea77a0560bc6bb
Patch
https://git.kernel.org/stable/c/80b05fbfa998480fb3d5299d93eab946f51e9c36
Patch
https://git.kernel.org/stable/c/9ddda5d967e84796e7df1b54a55f36b4b9f21079
Patch
https://git.kernel.org/stable/c/d30803f6a972b5b9e26d1d43b583c7ec151de04b
Patch
https://git.kernel.org/stable/c/74a466a15731a754bcd8b5a83c126b5122e15a45
https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html