CVE-2024-56604

Summary

In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: RFCOMM: avoid leaving dangling sk pointer in rfcomm_sock_alloc()

bt_sock_alloc() attaches allocated sk object to the provided sock object. If rfcomm_dlc_alloc() fails, we release the sk object, but leave the dangling pointer in the sock object, which may cause use-after-free.

Fix this by swapping calls to bt_sock_alloc() and rfcomm_dlc_alloc().

Affected Software

VendorProductVersion RangeStatus
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < ac3eaac4cf142a15fe67be747a682b1416efeb6eaffected
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 6021ccc2471b7b95e29b7cfc7938e042bf56e281affected
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 32df687e129ef0f9afcbcc914f7c32deb28fd481affected
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 3945c799f12b8d1f49a3b48369ca494d981ac465affected
LinuxLinux2.6.12affected
LinuxLinux0 < 2.6.12unaffected
LinuxLinux6.1.120 <= 6.1.*unaffected
LinuxLinux6.6.66 <= 6.6.*unaffected
LinuxLinux6.12.5 <= 6.12.*unaffected
LinuxLinux6.13 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References