Lucene search
LinuxCVELIST:CVE-2024-41062HistoryJul 29, 2024 - 2:57 p.m.
CVE-2024-41062 bluetooth/l2cap: sync sock recv cb and release
2024-07-2914:57:24
Linux
www.cve.org
6
linux kernel
bluetooth vulnerability
l2cap
security fix
sock release
synchronization
EPSS
0
Percentile
16.2%
In the Linux kernel, the following vulnerability has been resolved:
bluetooth/l2cap: sync sock recv cb and release
The problem occurs between the system call to close the sock and hci_rx_work,
where the former releases the sock and the latter accesses it without lock protection.
CPU0 CPU1
---- ----
sock_close hci_rx_work
l2cap_sock_release hci_acldata_packet
l2cap_sock_kill l2cap_recv_frame
sk_free l2cap_conless_channel
l2cap_sock_recv_cb
If hci_rx_work processes the data that needs to be received before the sock is
closed, then everything is normal; Otherwise, the work thread may access the
released sock when receiving data.
Add a chan mutex in the rx callback of the sock to achieve synchronization between
the sock release and recv cb.
Sock is dead, so set chan data to NULL, avoid others use invalid sock pointer.
CNA Affected
[
{
"product": "Linux",
"vendor": "Linux",
"defaultStatus": "unaffected",
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"programFiles": [
"net/bluetooth/l2cap_sock.c"
],
"versions": [
{
"version": "1da177e4c3f4",
"lessThan": "605572e64cd9",
"status": "affected",
"versionType": "git"
},
{
"version": "1da177e4c3f4",
"lessThan": "b803f30ea23e",
"status": "affected",
"versionType": "git"
},
{
"version": "1da177e4c3f4",
"lessThan": "3b732449b781",
"status": "affected",
"versionType": "git"
},
{
"version": "1da177e4c3f4",
"lessThan": "89e856e124f9",
"status": "affected",
"versionType": "git"
}
]
},
{
"product": "Linux",
"vendor": "Linux",
"defaultStatus": "affected",
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"programFiles": [
"net/bluetooth/l2cap_sock.c"
],
"versions": [
{
"version": "6.1.101",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.42",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9.11",
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.10",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
]
}
]Related
vulnrichment
vulnrichment
CVE-2024-41062 bluetooth/l2cap: sync sock recv cb and release
2024-07-29 14:57:24
redhatcve
redhatcve
CVE-2024-41062
2024-07-31 09:14:47
cve
cve
CVE-2024-41062
2024-07-29 15:15:14
osv
osv
CVE-2024-41062
2024-07-29 15:15:14
Security update for the Linux Kernel
2024-09-12 12:12:38
Security update for the Linux Kernel
2024-09-16 08:56:37
nvd
nvd
CVE-2024-41062
2024-07-29 15:15:14
debiancve
debiancve
CVE-2024-41062
2024-07-29 15:15:14
nessus
nessus
Photon OS 5.0: Linux PHSA-2024-5.0-0345
2024-08-15 00:00:00
SUSE SLES15 Security Update : kernel (SUSE-SU-2024:3249-1)
2024-09-17 00:00:00
SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2024:3251-1)
2024-09-17 00:00:00
photon
photon
Critical Photon OS Security Update - PHSA-2024-5.0-0345
2024-08-09 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2024:3252-1)
2024-09-17 00:00:00
Mageia: Security Advisory (MGASA-2024-0278)
2024-08-07 00:00:00
Mageia: Security Advisory (MGASA-2024-0277)
2024-08-07 00:00:00
mageia
mageia
Updated kernel, kmod-xtables-addons & kmod-virtualbox packages fix security vulnerabilities
2024-08-07 08:49:38
Updated kernel-linus packages fix security vulnerabilities
2024-08-07 08:49:38