CVE-2024-56757: Bluetooth: btusb: mediatek: add intf release flow when usb disconnect
First published: Mon Jan 06 2025(Updated: )
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btusb: mediatek: add intf release flow when usb disconnect MediaTek claim an special usb intr interface for ISO data transmission. The interface need to be released before unregistering hci device when usb disconnect. Removing BT usb dongle without properly releasing the interface may cause Kernel panic while unregister hci device.
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Kernel | <6.12.8 | |
| debian/linux | <=5.10.223-1<=5.10.234-1<=6.1.129-1<=6.1.128-1 | 6.12.21-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://git.kernel.org/stable/c/489304e67087abddc2666c5af0159cb95afdcf59
- https://git.kernel.org/stable/c/cc569d791ab2a0de74f76e470515d25d24c9b84b
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56757
- https://nvd.nist.gov/vuln/detail/CVE-2024-56757
- https://launchpad.net/bugs/cve/CVE-2024-56757
- https://security-tracker.debian.org/tracker/CVE-2024-56757
- https://ubuntu.com/security/CVE-2024-56757
- https://git.kernel.org/linus/489304e67087abddc2666c5af0159cb95afdcf59
Frequently Asked Questions
What is the severity of CVE-2024-56757?
CVE-2024-56757 has a moderate severity rating due to its potential impact on the stability of Bluetooth connections in Linux.
How do I fix CVE-2024-56757?
To address CVE-2024-56757, update your Linux kernel to version 6.12.10-1 or 6.12.11-1, or apply vendor-specific patches if using Debian.
Is CVE-2024-56757 exploitable in the wild?
As of now, there are no confirmed reports of active exploitation of CVE-2024-56757 in the wild.
Which systems are affected by CVE-2024-56757?
CVE-2024-56757 affects Linux kernel versions prior to 6.12.10 and specific Debian Linux packages between certain versions.
What are the potential consequences of CVE-2024-56757?
The consequences of CVE-2024-56757 may include instability in Bluetooth functionality and possible crashes when handling USB disconnected events.
- agent/title
- agent/first-publish-date
- agent/type
- agent/weakness
- agent/severity
- agent/remedy
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/references
- agent/author
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-cve
- agent/softwarecombine
- collector/launchpad-cve
- source/Launchpad
- agent/source
- agent/tags
- agent/description
- agent/event
- collector/usn-cve
- source/Ubuntu
- collector/security-tracker-debian
- source/Debian
- vendor/linux
- canonical/linux kernel
- package-manager/debian