CVE-2024-42133

Summary

In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: Ignore too large handle values in BIG

hci_le_big_sync_established_evt is necessary to filter out cases where the handle value is belonging to ida id range, otherwise ida will be erroneously released in hci_conn_cleanup.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux84cb0143fb8a03bf941c7aaedd56c938c99dafad < 38263088b845abeeeb98dda5b87c0de3063b6dbbaffected
LinuxLinux181a42edddf51d5d9697ecdf365d72ebeab5afb0 < dad0003ccc68457baf005a6ed75b4d321463fe3daffected
LinuxLinux181a42edddf51d5d9697ecdf365d72ebeab5afb0 < 015d79c96d62cd8a4a359fcf5be40d58088c936baffected
LinuxLinuxe9f708beada55426c8d678e2f46af659eb5bf4f0affected
LinuxLinux6.6.2 < 6.6.39affected
LinuxLinux6.5.12 < 6.6affected
LinuxLinux6.7affected
LinuxLinux0 < 6.7unaffected
LinuxLinux6.6.39 <= 6.6.*unaffected
LinuxLinux6.9.9 <= 6.9.*unaffected
LinuxLinux6.10 <= *unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References