CVE-2024-42133
Bluetooth: Ignore too large handle values in BIG
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Ignore too large handle values in BIG hci_le_big_sync_established_evt is necessary to filter out cases where the
handle value is belonging to ida id range, otherwise ida will be erroneously
released in hci_conn_cleanup.
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Ignore too large handle values in BIG hci_le_big_sync_established_evt is necessary to filter out cases where the handle value is belonging to ida id range, otherwise ida will be erroneously released in hci_conn_cleanup.
This update for the Linux Kernel 6.4.0-150600_23_14 fixes several issues. The following security issues were fixed. Net: bridge: mst: pass vlan group directly to br_mst_vlan_set_state. Net: bridge: mst: fix suspicious rcu usage in br_mst_set_state. Net: bridge: mst: fix vlan use-after-free. Cachefiles: fix slab-use-after-free in cachefiles_withdraw_cookie. Vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans. Fixed memory leak for not ip packets. Bluetooth: Ignore too large handle values in BIG. Btrfs: make sure that WRITTEN is set on all metadata blocks. Smb: client: fix use-after-free bug in cifs_debug_data_proc_show. Net: do not leave a dangling sk pointer, when socket creation fails bpf: Fix a potential use-after-free in bpf_link_free.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2024-07-29 CVE Reserved
- 2024-07-30 CVE Published
- 2025-05-04 CVE Updated
- 2025-05-26 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-190: Integer Overflow or Wraparound
CAPEC
References (8)
| URL | Tag | Source |
|---|---|---|
| https://git.kernel.org/stable/c/84cb0143fb8a03bf941c7aaedd56c938c99dafad | Vuln. Introduced | |
| https://git.kernel.org/stable/c/181a42edddf51d5d9697ecdf365d72ebeab5afb0 | Vuln. Introduced | |
| https://git.kernel.org/stable/c/e9f708beada55426c8d678e2f46af659eb5bf4f0 | Vuln. Introduced |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2024-42133 | 2025-05-13 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2301498 | 2025-05-13 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 6.6.2 < 6.6.39 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.6.2 < 6.6.39" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 6.7 < 6.9.9 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.7 < 6.9.9" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 6.7 < 6.10 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.7 < 6.10" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 6.5.12 Search vendor "Linux" for product "Linux Kernel" and version "6.5.12" | en |
Affected
| ||||||