CVE-2024-36942: Bluetooth: qca: fix firmware check error path
First published: Thu May 30 2024(Updated: )
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: qca: fix firmware check error path A recent commit fixed the code that parses the firmware files before downloading them to the controller but introduced a memory leak in case the sanity checks ever fail. Make sure to free the firmware buffer before returning on errors.
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Kernel | <5.15.159 | |
| Linux Kernel | >=5.16<6.1.91 | |
| Linux Kernel | >=6.2<6.6.31 | |
| Linux Kernel | >=6.7<6.8.10 | |
| Linux Kernel | =6.9-rc1 | |
| Linux Kernel | =6.9-rc2 | |
| Linux Kernel | =6.9-rc3 | |
| Linux Kernel | =6.9-rc4 | |
| Linux Kernel | =6.9-rc5 | |
| Linux Kernel | =6.9-rc6 | |
| Linux Kernel | =6.9-rc7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://git.kernel.org/stable/c/580bcd6bf24f9975f97d81d5ef1b64cca9240df9
- https://git.kernel.org/stable/c/064688d70c33bb5b49dde6e972b9379a8b045d8a
- https://git.kernel.org/stable/c/7bcba557d5c37cd09ecd5abbe7d50deb86c36d3f
- https://git.kernel.org/stable/c/d1f768214320852766a60a815a0be8f14fba0cc3
- https://git.kernel.org/stable/c/40d442f969fb1e871da6fca73d3f8aef1f888558
Frequently Asked Questions
What is the severity of CVE-2024-36942?
CVE-2024-36942 has a severity rating that indicates a potential memory leak in the Linux kernel's Bluetooth firmware process.
How do I fix CVE-2024-36942?
To fix CVE-2024-36942, ensure you update your Linux kernel to a patched version that resolves the memory leak.
Which versions of the Linux kernel are affected by CVE-2024-36942?
CVE-2024-36942 affects Linux kernel versions from 5.15.159 up to 6.9-rc7, including specific ranges mentioned.
What type of vulnerability is CVE-2024-36942?
CVE-2024-36942 is a memory leak vulnerability in the Bluetooth module of the Linux kernel.
Is there a workaround for CVE-2024-36942?
No specific workaround is available for CVE-2024-36942; updating to a secure kernel version is recommended.
- agent/title
- agent/references
- agent/first-publish-date
- agent/description
- agent/type
- agent/author
- collector/mitre-cve
- source/MITRE
- agent/source
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/severity
- agent/remedy
- agent/weakness
- agent/last-modified-date
- agent/softwarecombine
- agent/event
- agent/tags
- vendor/linux
- canonical/linux kernel
- version/linux kernel/5.16
- version/linux kernel/6.2
- version/linux kernel/6.7
- version/linux kernel/6.9-rc1
- version/linux kernel/6.9-rc2
- version/linux kernel/6.9-rc3
- version/linux kernel/6.9-rc4
- version/linux kernel/6.9-rc5
- version/linux kernel/6.9-rc6
- version/linux kernel/6.9-rc7