Message-ID: <2025022656-CVE-2024-58009-b2d2@gregkh>
Date: Wed, 26 Feb 2025 18:11:03 -0800
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Subject: CVE-2024-58009: Bluetooth: L2CAP: handle NULL sock pointer in l2cap_sock_alloc

Description
===========

In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: L2CAP: handle NULL sock pointer in l2cap_sock_alloc

A NULL sock pointer is passed into l2cap_sock_alloc() when it is called
from l2cap_sock_new_connection_cb() and the error handling paths should
also be aware of it.

Seemingly a more elegant solution would be to swap bt_sock_alloc() and
l2cap_chan_create() calls since they are not interdependent to that moment
but then l2cap_chan_create() adds the soon to be deallocated and still
dummy-initialized channel to the global list accessible by many L2CAP
paths. The channel would be removed from the list in a short period of time
but be a bit more straight-forward here and just check for NULL instead of
changing the order of function calls.

Found by Linux Verification Center (linuxtesting.org) with SVACE static
analysis tool.

The Linux kernel CVE team has assigned CVE-2024-58009 to this issue.


Affected and fixed versions
===========================

	Issue introduced in 6.1.120 with commit bb2f2342a6ddf7c04f9aefbbfe86104cd138e629 and fixed in 6.1.129 with commit 297ce7f544aa675b0d136d788cad0710cdfb0785
	Issue introduced in 6.6.66 with commit 8ad09ddc63ace3950ac43db6fbfe25b40f589dd6 and fixed in 6.6.78 with commit 245d48c1ba3e7a1779c2f4cbc6f581ddc8a78e22
	Issue introduced in 6.12.5 with commit 61686abc2f3c2c67822aa23ce6f160467ec83d35 and fixed in 6.12.14 with commit 691218a50c3139f7f57ffa79fb89d932eda9571e
	Issue introduced in 6.13 with commit 7c4f78cdb8e7501e9f92d291a7d956591bf73be9 and fixed in 6.13.3 with commit 49c0d55d59662430f1829ae85b969619573d0fa1
	Issue introduced in 6.13 with commit 7c4f78cdb8e7501e9f92d291a7d956591bf73be9 and fixed in 6.14-rc1 with commit 5f397409f8ee5bc82901eeaf799e1cbc4f8edcf1
	Issue introduced in 5.4.287 with commit f6ad641646b67f29c7578dcd6c25813c7dcbf51e
	Issue introduced in 5.10.231 with commit daa13175a6dea312a76099066cb4cbd4fc959a84
	Issue introduced in 5.15.174 with commit a8677028dd5123e5e525b8195483994d87123de4

Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.

Unaffected versions might change over time as fixes are backported to
older supported kernel versions.  The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2024-58009
will be updated if fixes are backported, please check that for the most
up to date information about this issue.


Affected files
==============

The file(s) affected by this issue are:
	net/bluetooth/l2cap_sock.c


Mitigation
==========

The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes.  Individual
changes are never tested alone, but rather are part of a larger kernel
release.  Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all.  If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
	https://git.kernel.org/stable/c/297ce7f544aa675b0d136d788cad0710cdfb0785
	https://git.kernel.org/stable/c/245d48c1ba3e7a1779c2f4cbc6f581ddc8a78e22
	https://git.kernel.org/stable/c/691218a50c3139f7f57ffa79fb89d932eda9571e
	https://git.kernel.org/stable/c/49c0d55d59662430f1829ae85b969619573d0fa1
	https://git.kernel.org/stable/c/5f397409f8ee5bc82901eeaf799e1cbc4f8edcf1
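
Added example, not part of the original announcement: a triage helper that classifies a kernel release string against the "Affected and fixed versions" list above. It assumes an upstream kernel.org version number; distribution kernels backport fixes without changing that number, so check the vendor changelog for those. The function names and status strings are illustrative.

```python
import re

# Transcribed from the "Affected and fixed versions" list in this announcement:
# (stable series, first affected release, first fixed release or None when
# the announcement lists no fix for that series).
AFFECTED = [
    ((5, 4), (5, 4, 287), None),
    ((5, 10), (5, 10, 231), None),
    ((5, 15), (5, 15, 174), None),
    ((6, 1), (6, 1, 120), (6, 1, 129)),
    ((6, 6), (6, 6, 66), (6, 6, 78)),
    ((6, 12), (6, 12, 5), (6, 12, 14)),
    ((6, 13), (6, 13, 0), (6, 13, 3)),
]
MAINLINE_FIXED = (6, 14, 0)  # the mainline fix is listed as landing in 6.14-rc1


def parse_release(release):
    """Turn '6.6.70-generic' into (6, 6, 70); suffixes such as -rcN are ignored."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release.strip())
    if not m:
        raise ValueError("unrecognised kernel release: %r" % release)
    return (int(m[1]), int(m[2]), int(m[3] or 0))


def cve_2024_58009_status(release):
    """Classify an upstream kernel release string for CVE-2024-58009."""
    v = parse_release(release)
    if v >= MAINLINE_FIXED:
        return "fixed"
    for series, introduced, fixed in AFFECTED:
        if v[:2] != series:
            continue
        if v < introduced:
            return "not affected"
        if fixed is None:
            return "affected, no fix listed"
        return "affected" if v < fixed else "fixed"
    # Series the announcement does not mention at all.
    return "not listed"


if __name__ == "__main__":
    import platform
    rel = platform.release()
    print(rel, "->", cve_2024_58009_status(rel))
```

A "not listed" result means the series does not appear in the announcement, not that it has been verified clean.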
