228 matches found
AZL-55611 CVE-2024-56604 affecting package kernel 5.15.200.1-1
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: RFCOMM: avoid leaving dangling sk pointer in rfcommsockalloc btsockalloc attaches allocated sk object to the provided sock object. If rfcommdlcalloc fails, we release the sk object, but leave the dangling pointer in th...
AZL-55485 CVE-2024-56604 affecting package kernel for versions less than 6.6.76.1-1
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: RFCOMM: avoid leaving dangling sk pointer in rfcommsockalloc btsockalloc attaches allocated sk object to the provided sock object. If rfcommdlcalloc fails, we release the sk object, but leave the dangling pointer in th...
UBUNTU-CVE-2024-56604
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: RFCOMM: avoid leaving dangling sk pointer in rfcommsockalloc btsockalloc attaches allocated sk object to the provided sock object. If rfcommdlcalloc fails, we release the sk object, but leave the dangling pointer in th...
CVE-2024-56604 Bluetooth: RFCOMM: avoid leaving dangling sk pointer in rfcomm_sock_alloc()
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: RFCOMM: avoid leaving dangling sk pointer in rfcommsockalloc btsockalloc attaches allocated sk object to the provided sock object. If rfcommdlcalloc fails, we release the sk object, but leave the dangling pointer in th...
CVE-2024-56604
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: RFCOMM: avoid leaving dangling sk pointer in rfcommsockalloc btsockalloc attaches allocated sk object to the provided sock object. If rfcommdlcalloc fails, we release the sk object, but leave the dangling pointer in th...
CVE-2024-56604
Summary (CVE-2024-56604): In the Linux kernel, Bluetooth RFCOMM can leave a dangling sk pointer in rfcomm_sock_alloc() when rfcomm_dlc_alloc() fails, leading to a use-after-free. The root cause is bt_sock_alloc() attaching the sk to the sock object and the code path not clearing the pointer on fa...
CVE-2024-56604 Bluetooth: RFCOMM: avoid leaving dangling sk pointer in rfcomm_sock_alloc()
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: RFCOMM: avoid leaving dangling sk pointer in rfcommsockalloc btsockalloc attaches allocated sk object to the provided sock object. If rfcommdlcalloc fails, we release the sk object, but leave the dangling pointer in th...
CVE-2024-56604 Bluetooth: RFCOMM: avoid leaving dangling sk pointer in rfcomm_sock_alloc()
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: RFCOMM: avoid leaving dangling sk pointer in rfcommsockalloc btsockalloc attaches allocated sk object to the provided sock object. If rfcommdlcalloc fails, we release the sk object, but leave the dangling pointer in th...
kernel: Bluetooth: rfcomm: Fix null-ptr-deref in rfcomm_check_security
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: rfcomm: Fix null-ptr-deref in rfcommchecksecurity The Linux kernel CVE team has assigned CVE-2024-26903 to this issue. Upstream advisory: https://lore.kernel.org/linux-cve-announce/2024041745-CVE-2024-26903-de5c@gregkh...
kernel: NULL Pointer dereference bluetooth allows Overflow Buffers
A NULL pointer dereference vulnerability was found in the Linux kernel in rfcommchecksecurity. This issue may lead to buffer overflows...
CVE-2024-50044
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: RFCOMM: FIX possible deadlock in rfcommskstatechange rfcommskstatechange attempts to use socklock so it must never be called with it locked but rfcommsockioctl always attempt to lock it causing the following trace:...
CVE-2024-50044
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: RFCOMM: FIX possible deadlock in rfcommskstatechange rfcommskstatechange attempts to use socklock so it must never be called with it locked but rfcommsockioctl always attempt to lock it causing the following trace:...
AZL-51123 CVE-2024-50044 affecting package kernel for versions less than 5.15.173.1-1
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: RFCOMM: FIX possible deadlock in rfcommskstatechange rfcommskstatechange attempts to use socklock so it must never be called with it locked but rfcommsockioctl always attempt to lock it causing the following trace:...
CVE-2024-50044 Bluetooth: RFCOMM: FIX possible deadlock in rfcomm_sk_state_change
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: RFCOMM: FIX possible deadlock in rfcommskstatechange rfcommskstatechange attempts to use socklock so it must never be called with it locked but rfcommsockioctl always attempt to lock it causing the following trace:...
CVE-2024-50044
CVE-2024-50044 affects the Linux kernel Bluetooth RFCOMM path. The issue is a deadlock in rfcomm_sk_state_change caused by rfcomm_sock_ioctl attempting to lock sock_lock while another path already holds the lock, creating circular locking. The vulnerability is resolved in kernel code by ensuring ...
CVE-2024-50044 Bluetooth: RFCOMM: FIX possible deadlock in rfcomm_sk_state_change
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: RFCOMM: FIX possible deadlock in rfcommskstatechange rfcommskstatechange attempts to use socklock so it must never be called with it locked but rfcommsockioctl always attempt to lock it causing the following trace:...
CVE-2024-50044 Bluetooth: RFCOMM: FIX possible deadlock in rfcomm_sk_state_change
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: RFCOMM: FIX possible deadlock in rfcommskstatechange rfcommskstatechange attempts to use socklock so it must never be called with it locked but rfcommsockioctl always attempt to lock it causing the following trace:...
PT-2024-36912
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.6.74 Description A vulnerability in the Linux kernel's Bluetooth RFCOMM implementation could lead to a use-after-free issue. This occurs because bt sock alloc attaches an allocated sk object to the provided soc...
CVE-2024-6258 BT: Missing length checks of net_buf in rfcomm_handle_data
BT: Missing length checks of netbuf in rfcommhandledata...
PT-2024-37489
Name of the Vulnerable Software and Affected Versions: Linux Kernel's RFCOMM Module affected versions not specified Description: The issue is related to a buffer overflow vulnerability due to missing length checks of net buf in the rfcomm handle data function. Recommendations: At the moment, ther...