What is the severity of CVE-2024-35856?

CVE-2024-35856 is classified as a moderate severity vulnerability due to its potential impact on system stability and integrity.

How do I fix CVE-2024-35856?

To fix CVE-2024-35856, update the Linux kernel to version 5.10.223-1, 5.10.226-1, 6.1.123-1, 6.1.128-1, 6.12.12-1, or 6.12.15-1.

Which versions of the Linux kernel are affected by CVE-2024-35856?

CVE-2024-35856 affects Linux kernel versions from 6.6.0 up to 6.6.30, as well as several release candidates of version 6.9.

What component of the Linux kernel is affected in CVE-2024-35856?

CVE-2024-35856 affects the Bluetooth subsystem, specifically the btusb component, which deals with memory management for coredumps.

Is CVE-2024-35856 exploitable remotely?

CVE-2024-35856 is not specifically noted as remotely exploitable, but could affect systems if exploited locally.

Vulnerability/
CVE-2024-35856

high

7.8

CWE

415

EPSS

0.045%

17/5/2024

30/12/2024

CVE-2024-35856: Bluetooth: btusb: mediatek: Fix double free of skb in coredump

First published: Fri May 17 2024(Updated: )

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btusb: mediatek: Fix double free of skb in coredump hci_devcd_append() would free the skb on error so the caller don't have to free it again otherwise it would cause the double free of skb. Reported-by : Dan Carpenter <dan.carpenter@linaro.org>

Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Affected Software	Affected Version	How to fix
Linux Kernel	>=6.6<6.6.30
Linux Kernel	>=6.7<6.8.9
Linux Kernel	=6.9-rc1
Linux Kernel	=6.9-rc2
Linux Kernel	=6.9-rc3
Linux Kernel	=6.9-rc4
Linux Kernel	=6.9-rc5
debian/linux		5.10.223-1 5.10.226-1 6.1.123-1 6.1.128-1 6.12.12-1 6.12.15-1

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2024-35856?
CVE-2024-35856 is classified as a moderate severity vulnerability due to its potential impact on system stability and integrity.
How do I fix CVE-2024-35856?
To fix CVE-2024-35856, update the Linux kernel to version 5.10.223-1, 5.10.226-1, 6.1.123-1, 6.1.128-1, 6.12.12-1, or 6.12.15-1.
Which versions of the Linux kernel are affected by CVE-2024-35856?
CVE-2024-35856 affects Linux kernel versions from 6.6.0 up to 6.6.30, as well as several release candidates of version 6.9.
What component of the Linux kernel is affected in CVE-2024-35856?
CVE-2024-35856 affects the Bluetooth subsystem, specifically the btusb component, which deals with memory management for coredumps.
Is CVE-2024-35856 exploitable remotely?
CVE-2024-35856 is not specifically noted as remotely exploitable, but could affect systems if exploited locally.

agent/title
agent/weakness
agent/type
collector/epss-latest
source/FIRST
agent/epss
collector/launchpad-cve
source/Launchpad
agent/first-publish-date
agent/author
agent/references
collector/mitre-cve
source/MITRE
agent/trending
agent/last-modified-date
agent/remedy
agent/severity
collector/usn-cve
source/Ubuntu
agent/description
agent/event
agent/source
collector/nvd-cve
source/NVD
agent/software-canonical-lookup
agent/software-canonical-lookup-request
collector/nvd-api
agent/tags
agent/softwarecombine
collector/security-tracker-debian
source/Debian
vendor/linux
canonical/linux kernel
version/linux kernel/6.6
version/linux kernel/6.7
version/linux kernel/6.9-rc1
version/linux kernel/6.9-rc2
version/linux kernel/6.9-rc3
version/linux kernel/6.9-rc4
version/linux kernel/6.9-rc5
package-manager/debian

Frequently Asked Questions

What is the severity of CVE-2024-35856?
CVE-2024-35856 is classified as a moderate severity vulnerability due to its potential impact on system stability and integrity.
How do I fix CVE-2024-35856?
To fix CVE-2024-35856, update the Linux kernel to version 5.10.223-1, 5.10.226-1, 6.1.123-1, 6.1.128-1, 6.12.12-1, or 6.12.15-1.
Which versions of the Linux kernel are affected by CVE-2024-35856?
CVE-2024-35856 affects Linux kernel versions from 6.6.0 up to 6.6.30, as well as several release candidates of version 6.9.
What component of the Linux kernel is affected in CVE-2024-35856?
CVE-2024-35856 affects the Bluetooth subsystem, specifically the btusb component, which deals with memory management for coredumps.
Is CVE-2024-35856 exploitable remotely?
CVE-2024-35856 is not specifically noted as remotely exploitable, but could affect systems if exploited locally.

CVE-2024-35856: Bluetooth: btusb: mediatek: Fix double free of skb in coredump

Remedy

Remedy

Remedy

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2024-35856?

How do I fix CVE-2024-35856?

Which versions of the Linux kernel are affected by CVE-2024-35856?

What component of the Linux kernel is affected in CVE-2024-35856?

Is CVE-2024-35856 exploitable remotely?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2024-35856?

How do I fix CVE-2024-35856?

Which versions of the Linux kernel are affected by CVE-2024-35856?

What component of the Linux kernel is affected in CVE-2024-35856?

Is CVE-2024-35856 exploitable remotely?