Vulnerability Details : CVE-2024-36012
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: msft: fix slab-use-after-free in msft_do_close()
Tying the msft->data lifetime to hdev by freeing it in
hci_release_dev() to fix the following case:
[use]
msft_do_close()
msft = hdev->msft_data;
if (!msft) ...(1) <- passed.
return;
mutex_lock(&msft->filter_lock); ...(4) <- used after freed.
[free]
msft_unregister()
msft = hdev->msft_data;
hdev->msft_data = NULL; ...(2)
kfree(msft); ...(3) <- msft is freed.
==================================================================
BUG: KASAN: slab-use-after-free in __mutex_lock_common
kernel/locking/mutex.c:587 [inline]
BUG: KASAN: slab-use-after-free in __mutex_lock+0x8f/0xc30
kernel/locking/mutex.c:752
Read of size 8 at addr ffff888106cbbca8 by task kworker/u5:2/309
Vulnerability category: Memory Corruption
Products affected by CVE-2024-36012
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:6.9:rc1:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:6.9:rc2:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:6.9:rc3:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:6.9:rc4:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:6.9:rc5:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:6.9:rc6:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:6.9:rc7:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2024-36012
0.05%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 16 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2024-36012
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
7.8
|
HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
1.8
|
5.9
|
NIST | 2025-01-06 |
|
5.5
|
MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
N/A
|
N/A
|
RedHat-CVE-2024-36012 | 2024-05-23 |
CWE ids for CVE-2024-36012
-
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.Assigned by: nvd@nist.gov (Primary)
References for CVE-2024-36012
-
https://git.kernel.org/stable/c/a85a60e62355e3bf4802dead7938966824b23940
Bluetooth: msft: fix slab-use-after-free in msft_do_close() - kernel/git/stable/linux.git - Linux kernel stable treePatch
-
https://git.kernel.org/stable/c/e3880b531b68f98d3941d83f2f6dd11cf4fd6b76
Bluetooth: msft: fix slab-use-after-free in msft_do_close() - kernel/git/stable/linux.git - Linux kernel stable treePatch
-
https://git.kernel.org/stable/c/4f1de02de07748da80a8178879bc7a1df37fdf56
502 Bad GatewayPatch
-
https://git.kernel.org/stable/c/10f9f426ac6e752c8d87bf4346930ba347aaabac
502 Bad GatewayPatch
Jump to