CVE-2024-56605: Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create()
First published: Fri Dec 27 2024(Updated: )
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create() bt_sock_alloc() allocates the sk object and attaches it to the provided sock object. On error l2cap_sock_alloc() frees the sk object, but the dangling pointer is still attached to the sock object, which may create use-after-free in other code.
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Kernel | <5.4.287 | |
| Linux Kernel | >=5.5<5.10.231 | |
| Linux Kernel | >=5.11<5.15.174 | |
| Linux Kernel | >=5.16<6.1.120 | |
| Linux Kernel | >=6.2<6.6.66 | |
| Linux Kernel | >=6.7<6.12.5 | |
| debian/linux | <=5.10.223-1 | 5.10.234-1 6.1.129-1 6.1.133-1 6.12.21-1 6.12.22-1 |
| debian/linux-6.1 | 6.1.129-1~deb11u1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://git.kernel.org/stable/c/f6ad641646b67f29c7578dcd6c25813c7dcbf51e
- https://git.kernel.org/stable/c/daa13175a6dea312a76099066cb4cbd4fc959a84
- https://git.kernel.org/stable/c/a8677028dd5123e5e525b8195483994d87123de4
- https://git.kernel.org/stable/c/bb2f2342a6ddf7c04f9aefbbfe86104cd138e629
- https://git.kernel.org/stable/c/8ad09ddc63ace3950ac43db6fbfe25b40f589dd6
- https://git.kernel.org/stable/c/61686abc2f3c2c67822aa23ce6f160467ec83d35
- https://git.kernel.org/stable/c/7c4f78cdb8e7501e9f92d291a7d956591bf73be9
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56605
- https://nvd.nist.gov/vuln/detail/CVE-2024-56605
- https://launchpad.net/bugs/cve/CVE-2024-56605
- https://security-tracker.debian.org/tracker/CVE-2024-56605
- https://ubuntu.com/security/CVE-2024-56605
- https://git.kernel.org/linus/7c4f78cdb8e7501e9f92d291a7d956591bf73be9
Frequently Asked Questions
What versions of the Linux kernel are affected by CVE-2024-56605?
CVE-2024-56605 affects Linux kernel versions prior to 5.4.287 and versions between 5.5 and 5.10.231, 5.11 and 5.15.174, 5.16 and 6.1.120, 6.2 and 6.6.66, and 6.7 and 6.12.5.
What is the severity of CVE-2024-56605?
CVE-2024-56605 has not been assigned a specific severity score yet, but it is essential to evaluate its impact based on the context of your environment.
How do I fix CVE-2024-56605?
To fix CVE-2024-56605, update your Linux kernel to a version that addresses the vulnerability.
What type of vulnerability is CVE-2024-56605?
CVE-2024-56605 is a vulnerability related to the Bluetooth L2CAP subsystem in the Linux kernel.
What impact can CVE-2024-56605 have on my system?
CVE-2024-56605 could potentially lead to resource leaks or unstable behavior if not addressed.
- agent/title
- agent/type
- agent/first-publish-date
- agent/author
- agent/remedy
- agent/severity
- agent/weakness
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/references
- collector/launchpad-cve
- source/Launchpad
- agent/softwarecombine
- agent/tags
- agent/source
- collector/nvd-cve
- agent/description
- agent/event
- collector/usn-cve
- source/Ubuntu
- collector/security-tracker-debian
- source/Debian
- vendor/linux
- canonical/linux kernel
- version/linux kernel/5.5
- version/linux kernel/5.11
- version/linux kernel/5.16
- version/linux kernel/6.2
- version/linux kernel/6.7
- package-manager/debian