A NULL pointer dereference flaw in Linux kernel versions prior to 5.11 may be seen if sco_sock_getsockopt function in net/bluetooth/sco.c do not have a sanity check for a socket connection when using BT_SNDMTU/BT_RCVMTU for SCO sockets. This could allow a local attacker with a special user privilege to crash the system (DOS) or leak kernel internal information.

...

PT-2021-11776 · Linux +1 · Linux Kernel +1

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.11 Description: A NULL pointer dereference flaw may occur in the sco sock getsockopt function in net/bluetooth/sco.c due to the lack of a sanity check for a socket connection when using BT SNDMTU/BT RCVMTU for...