Wind River Support Network

Meet the Support Network

Home CVE Database CVE-2024-36013

CVE-2024-36013

Description

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix slab-use-after-free in l2cap_connect() Extend a critical section to prevent chan from early freeing. Also make the l2cap_connect() return type void. Nothing is using the returned value but it is ugly to return a potentially freed pointer. Making it void will help with backports because earlier kernels did use the return value. Now the compile will break for kernels where this patch is not a complete fix. Call stack summary: [use] l2cap_bredr_sig_cmd l2cap_connect ? mutex_lock(&conn->chan_lock); ? chan = pchan->ops->new_connection(pchan); <- alloc chan ? __l2cap_chan_add(conn, chan); ? l2cap_chan_hold(chan); ? list_add(&chan->list, &conn->chan_l); ... (1) ? mutex_unlock(&conn->chan_lock); chan->conf_state ... (4) <- use after free [free] l2cap_conn_del ? mutex_lock(&conn->chan_lock); ? foreach chan in conn->chan_l: ... (2) ? l2cap_chan_put(chan); ? l2cap_chan_destroy ? kfree(chan) ... (3) <- chan freed ? mutex_unlock(&conn->chan_lock); ================================================================== BUG: KASAN: slab-use-after-free in instrument_atomic_read include/linux/instrumented.h:68 [inline] BUG: KASAN: slab-use-after-free in _test_bit include/asm-generic/bitops/instrumented-non-atomic.h:141 [inline] BUG: KASAN: slab-use-after-free in l2cap_connect+0xa67/0x11a0 net/bluetooth/l2cap_core.c:4260 Read of size 8 at addr ffff88810bf040a0 by task kworker/u3:1/311

Priority: --
CVSS v3: --
Component: linux
Publish Date: May 23, 2024
Related ID: --
CVSS v2: --
Modified Date: May 24, 2024

Find out more about CVE-2024-36013 from the MITRE-CVE dictionary and NIST NVD

Products Affected

Login may be required to access defects or downloads.

Product Name Status Defect Fixed Downloads
Linux
Wind River Linux LTS 17 Requires LTSS -- -- --
Wind River Linux 8 Requires LTSS -- -- --
Wind River Linux 9 Requires LTSS -- -- --
Wind River Linux 7 Requires LTSS -- -- --
Wind River Linux LTS 21 Investigate -- -- --
Wind River Linux LTS 22 Investigate -- -- --
Wind River Linux LTS 18 Requires LTSS -- -- --
Wind River Linux LTS 19 Investigate -- -- --
Wind River Linux CD release N/A -- -- --
Wind River Linux 6 Requires LTSS -- -- --
Wind River Linux LTS 23 Investigate -- -- --
VxWorks
VxWorks 7 Not Vulnerable -- -- --
VxWorks 6.9 Not Vulnerable -- -- --
Helix Virtualization Platform Cert Edition
Helix Virtualization Platform Cert Edition Not Vulnerable -- -- --

Related Products

Product Name Status Defect Fixed Downloads

Notes
Requires LTSS - customers must have active LTSS (Long Term Security Shield) Support to receive up-to-date information about vulnerabilities that may affect legacy software. Please contact your Wind River account team or see https://docs.windriver.com/bundle/Support_and_Maintenance_Supplemental_Terms_and_Conditions and https://support2.windriver.com/index.php?page=plc for more information.
Live chat
Online
  • Linkedin
  • Facebook
  • Twitter
  • Youtube