CVE-2024-49951

Bluetooth: MGMT: Fix possible crash on mgmt_index_removed

Severity Score

"-"

*CVSS v-

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: MGMT: Fix possible crash on mgmt_index_removed

If mgmt_index_removed is called while there are commands queued on
cmd_sync it could lead to crashes like the bellow trace:

0x0000053D: __list_del_entry_valid_or_report+0x98/0xdc
0x0000053D: mgmt_pending_remove+0x18/0x58 [bluetooth]
0x0000053E: mgmt_remove_adv_monitor_complete+0x80/0x108 [bluetooth]
0x0000053E: hci_cmd_sync_work+0xbc/0x164 [bluetooth]

So while handling mgmt_index_removed this attempts to dequeue
commands passed as user_data to cmd_sync.

*Credits: N/A

CVSS Scores

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-10-21 CVE Reserved
2024-10-21 CVE Published
2024-11-13 EPSS Updated
2024-11-19 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (5)

URL	Tag	Source
https://git.kernel.org/stable/c/7cf5c2978f23fdbb2dd7b4e8b07e362ae2d8211c	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/4883296505aa7e4863c6869b689afb6005633b23	2024-10-10
https://git.kernel.org/stable/c/0cc47233af35fb5f10b5e6a027cb4ccd480caf9a	2024-10-10
https://git.kernel.org/stable/c/8c3f7943a29145d8a2d8e24893762f7673323eae	2024-10-10
https://git.kernel.org/stable/c/f53e1c9c726d83092167f2226f32bd3b73f26c21	2024-09-27

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.0 < 6.6.55 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.0 < 6.6.55"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.0 < 6.10.14 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.0 < 6.10.14"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.0 < 6.11.3 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.0 < 6.11.3"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.0 < 6.12 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.0 < 6.12"		en		Affected