CVE-2024-42141

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: ISO: Check socket flag instead of hcon This fixes the following Smatch static checker warning: net/bluetooth/iso.c:1364 iso_sock_recvmsg() error: we previously assumed 'pi->conn->hcon' could be null (line 1359) net/bluetooth/iso.c 1347 static int iso_sock_recvmsg(struct socket *sock, struct msghdr *msg, 1348 size_t len, int flags) 1349 { 1350 struct sock *sk = sock->sk; 1351 struct iso_pinfo *pi = iso_pi(sk); 1352 1353 BT_DBG("sk %p", sk); 1354 1355 if (test_and_clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) { 1356 lock_sock(sk); 1357 switch (sk->sk_state) { 1358 case BT_CONNECT2: 1359 if (pi->conn->hcon && ^^^^^^^^^^^^^^ If ->hcon is NULL 1360 test_bit(HCI_CONN_PA_SYNC, &pi->conn->hcon->flags)) { 1361 iso_conn_big_sync(sk); 1362 sk->sk_state = BT_LISTEN; 1363 } else { --> 1364 iso_conn_defer_accept(pi->conn->hcon); ^^^^^^^^^^^^^^ then we're toast 1365 sk->sk_state = BT_CONFIG; 1366 } 1367 release_sock(sk); 1368 return 0; 1369 case BT_CONNECTED: 1370 if (test_bit(BT_SK_PA_SYNC,
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.10:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.10:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.10:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.10:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.10:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.10:rc6:*:*:*:*:*:*

History

11 Dec 2024, 15:17

Type Values Removed Values Added
CWE CWE-476
References () https://git.kernel.org/stable/c/045669710464a21c67e690ef14698fd71857cb11 - () https://git.kernel.org/stable/c/045669710464a21c67e690ef14698fd71857cb11 - Patch
References () https://git.kernel.org/stable/c/33fabef489169c6db87843ef23351ed0d5e51ad8 - () https://git.kernel.org/stable/c/33fabef489169c6db87843ef23351ed0d5e51ad8 - Patch
References () https://git.kernel.org/stable/c/596b6f081336e77764ca35cfeab66d0fcdbe544e - () https://git.kernel.org/stable/c/596b6f081336e77764ca35cfeab66d0fcdbe544e - Patch
CPE cpe:2.3:o:linux:linux_kernel:6.10:rc6:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.10:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.10:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.10:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.10:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.10:rc3:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.5
First Time Linux linux Kernel
Linux

21 Nov 2024, 09:33

Type Values Removed Values Added
References () https://git.kernel.org/stable/c/045669710464a21c67e690ef14698fd71857cb11 - () https://git.kernel.org/stable/c/045669710464a21c67e690ef14698fd71857cb11 -
References () https://git.kernel.org/stable/c/33fabef489169c6db87843ef23351ed0d5e51ad8 - () https://git.kernel.org/stable/c/33fabef489169c6db87843ef23351ed0d5e51ad8 -
References () https://git.kernel.org/stable/c/596b6f081336e77764ca35cfeab66d0fcdbe544e - () https://git.kernel.org/stable/c/596b6f081336e77764ca35cfeab66d0fcdbe544e -

30 Jul 2024, 13:32

Type Values Removed Values Added
Summary
  • (es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: Bluetooth: ISO: Verifique el indicador de socket en lugar de hcon. Esto corrige la siguiente advertencia del verificador estático de Smatch: net/bluetooth/iso.c:1364 iso_sock_recvmsg() error: previamente asumimos 'pi ->conn->hcon' podría ser nulo (línea 1359) net/bluetooth/iso.c 1347 static int iso_sock_recvmsg(struct socket *sock, struct msghdr *msg, 1348 size_t len, int flags) 1349 { 1350 struct sock *sk = calcetín->sk; 1351 estructura iso_pinfo *pi = iso_pi(sk); 1352 1353 BT_DBG("sk%p",sk); 1354 1355 if (test_and_clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) { 1356 lock_sock(sk); 1357 interruptor (sk->sk_state) { 1358 caso BT_CONNECT2: 1359 si (pi->conn->hcon && ^^^^^^^^^^^^^^ Si ->hcon es NULL 1360 test_bit(HCI_CONN_PA_SYNC, &pi ->conn->hcon->flags)) { 1361 iso_conn_big_sync(sk); 1362 sk->sk_state = BT_LISTEN; 1363 } else { --> 1364 iso_conn_defer_accept(pi->conn->hcon); ^^^^^^^^^^^^^^ entonces estamos 1365 sk->sk_state = BT_CONFIG; 1366 } 1367 liberación_sock(sk); 1368 devuelve 0; 1369 caso BT_CONNECTED: 1370 si (test_bit(BT_SK_PA_SYNC,

30 Jul 2024, 08:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-07-30 08:15

Updated : 2024-12-11 15:17


NVD link : CVE-2024-42141

Mitre link : CVE-2024-42141

CVE.ORG link : CVE-2024-42141


JSON object : View

Products Affected

linux

  • linux_kernel
CWE
CWE-476

NULL Pointer Dereference