Double free in Linux kernel

#VU90890 Double free in Linux kernel

Cybersecurity Help s.r.o.

Published: 2024-06-03

Vulnerability identifier: #VU90890

Vulnerability risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35856

CWE-ID: CWE-415

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the btmtk_process_coredump() function in drivers/bluetooth/btmtk.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel:

External links
http://git.kernel.org/stable/c/80dfef128cb9f1b1ef67c0fe8c8deb4ea7ad30c1
http://git.kernel.org/stable/c/e20093c741d8da9f6390dd45d75b779861547035
http://git.kernel.org/stable/c/18bdb386a1a30e7a3d7732a98e45e69cf6b5710d

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Ubuntu update for linux-lowlatency

Ubuntu update for linux-oem-6.8

Ubuntu update for linux-nvidia-lowlatency

Ubuntu update for linux

Double free in Linux kernel bluetooth driver