SB2024123044 - Use-after-free in Linux kernel bluetooth
Published: December 30, 2024 Updated: May 12, 2025
Security Bulletin ID
SB2024123044
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Use-after-free (CVE-ID: CVE-2024-56605)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the l2cap_sock_alloc() function in net/bluetooth/l2cap_sock.c. A local user can escalate privileges on the system.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/61686abc2f3c2c67822aa23ce6f160467ec83d35
- https://git.kernel.org/stable/c/7c4f78cdb8e7501e9f92d291a7d956591bf73be9
- https://git.kernel.org/stable/c/8ad09ddc63ace3950ac43db6fbfe25b40f589dd6
- https://git.kernel.org/stable/c/a8677028dd5123e5e525b8195483994d87123de4
- https://git.kernel.org/stable/c/bb2f2342a6ddf7c04f9aefbbfe86104cd138e629
- https://git.kernel.org/stable/c/daa13175a6dea312a76099066cb4cbd4fc959a84
- https://git.kernel.org/stable/c/f6ad641646b67f29c7578dcd6c25813c7dcbf51e
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.287