CVE-2024-50124

Summary

In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: ISO: Fix UAF on iso_sock_timeout

conn->sk maybe have been unlinked/freed while waiting for iso_conn_lock so this checks if the conn->sk is still valid by checking if it part of iso_sk_list.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxccf74f2390d60a2f9a75ef496d2564abb478f46a < 876ac72d535fa94f4ac57bba651987c6f990f646affected
LinuxLinuxccf74f2390d60a2f9a75ef496d2564abb478f46a < 14bcb721d241e62fdd18f6f434a2ed2ab6e71a9baffected
LinuxLinuxccf74f2390d60a2f9a75ef496d2564abb478f46a < d75aad1d3143ca68cda52ff80ac392e1bbd84325affected
LinuxLinuxccf74f2390d60a2f9a75ef496d2564abb478f46a < 246b435ad668596aa0e2bbb9d491b6413861211aaffected
LinuxLinux6.0affected
LinuxLinux0 < 6.0unaffected
LinuxLinux6.1.115 <= 6.1.*unaffected
LinuxLinux6.6.59 <= 6.6.*unaffected
LinuxLinux6.11.6 <= 6.11.*unaffected
LinuxLinux6.12 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References