CVE-2024-42132

Summary

In the Linux kernel, the following vulnerability has been resolved:

bluetooth/hci: disallow setting handle bigger than HCI_CONN_HANDLE_MAX

Syzbot hit warning in hci_conn_del() caused by freeing handle that was not allocated using ida allocator.

This is caused by handle bigger than HCI_CONN_HANDLE_MAX passed by hci_le_big_sync_established_evt(), which makes code think it's unset connection.

Add same check for handle upper bound as in hci_conn_set_handle() to prevent warning.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux84cb0143fb8a03bf941c7aaedd56c938c99dafad < 4970e48f83dbd21d2a6a7cdaaafc2a71f7f45dc4affected
LinuxLinux181a42edddf51d5d9697ecdf365d72ebeab5afb0 < d311036696fed778301d08a71a4bef737b86d8c5affected
LinuxLinux181a42edddf51d5d9697ecdf365d72ebeab5afb0 < 1cc18c2ab2e8c54c355ea7c0423a636e415a0c23affected
LinuxLinuxe9f708beada55426c8d678e2f46af659eb5bf4f0affected
LinuxLinux6.6.2 < 6.6.39affected
LinuxLinux6.5.12 < 6.6affected
LinuxLinux6.7affected
LinuxLinux0 < 6.7unaffected
LinuxLinux6.6.39 <= 6.6.*unaffected
LinuxLinux6.9.9 <= 6.9.*unaffected
LinuxLinux6.10 <= *unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References