CVE-2024-42141
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: ISO: Check socket flag instead of hcon
This fixes the following Smatch static checker warning:
net/bluetooth/iso.c:1364 iso_sock_recvmsg() error: we previously assumed 'pi->conn->hcon' could be null (line 1359)
net/bluetooth/iso.c 1347 static int iso_sock_recvmsg(struct socket *sock, struct msghdr *msg, 1348 size_t len, int flags) 1349 { 1350 struct sock *sk = sock->sk; 1351 struct iso_pinfo *pi = iso_pi(sk); 1352 1353 BT_DBG("sk %p", sk); 1354 1355 if (test_and_clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) { 1356 lock_sock(sk); 1357 switch (sk->sk_state) { 1358 case BT_CONNECT2: 1359 if (pi->conn->hcon && ^^^^^^^^^^^^^^ If ->hcon is NULL
1360 test_bit(HCI_CONN_PA_SYNC, &pi->conn->hcon->flags)) { 1361 iso_conn_big_sync(sk); 1362 sk->sk_state = BT_LISTEN; 1363 } else { –> 1364 iso_conn_defer_accept(pi->conn->hcon); ^^^^^^^^^^^^^^ then we're toast
1365 sk->sk_state = BT_CONFIG; 1366 } 1367 release_sock(sk); 1368 return 0; 1369 case BT_CONNECTED: 1370 if (test_bit(BT_SK_PA_SYNC,
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | fbdc4bc47268953c80853489f696e02d61f9a2c6 < 045669710464a21c67e690ef14698fd71857cb11 | affected |
| Linux | Linux | fbdc4bc47268953c80853489f696e02d61f9a2c6 < 33fabef489169c6db87843ef23351ed0d5e51ad8 | affected |
| Linux | Linux | fbdc4bc47268953c80853489f696e02d61f9a2c6 < 596b6f081336e77764ca35cfeab66d0fcdbe544e | affected |
| Linux | Linux | c03a10bd5b6ccb22921e04bcddc987410df7e7a9 | affected |
| Linux | Linux | 6.5.12 < 6.6 | affected |
| Linux | Linux | 6.6 | affected |
| Linux | Linux | 0 < 6.6 | unaffected |
| Linux | Linux | 6.6.39 <= 6.6.* | unaffected |
| Linux | Linux | 6.9.9 <= 6.9.* | unaffected |
| Linux | Linux | 6.10 <= * | unaffected |
Weaknesses
ADP Enrichment
CVE Program Container
Additional References
- https://git.kernel.org/stable/c/045669710464a21c67e690ef14698fd71857cb11
- https://git.kernel.org/stable/c/33fabef489169c6db87843ef23351ed0d5e51ad8
- https://git.kernel.org/stable/c/596b6f081336e77764ca35cfeab66d0fcdbe544e
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://git.kernel.org/stable/c/045669710464a21c67e690ef14698fd71857cb11
- https://git.kernel.org/stable/c/33fabef489169c6db87843ef23351ed0d5e51ad8
- https://git.kernel.org/stable/c/596b6f081336e77764ca35cfeab66d0fcdbe544e
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.