CVE-2024-50124

Bluetooth: ISO: Fix UAF on iso_sock_timeout

Severity Score

7.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track*

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: ISO: Fix UAF on iso_sock_timeout conn->sk maybe have been unlinked/freed while waiting for iso_conn_lock
so this checks if the conn->sk is still valid by checking if it part of
iso_sk_list.

En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: Bluetooth: ISO: Se corrigió que UAF en iso_sock_timeout conn->sk pudiera haberse desvinculado/liberado mientras se esperaba a iso_conn_lock, por lo que esto verifica si conn->sk aún es válido verificando si es parte de iso_sk_list.

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: ISO: Fix UAF on iso_sock_timeout conn->sk maybe have been unlinked/freed while waiting for iso_conn_lock so this checks if the conn->sk is still valid by checking if it part of iso_sk_list.

Attila Szász discovered that the HFS+ file system implementation in the Linux Kernel contained a heap overflow vulnerability. An attacker could use a specially crafted file system image that, when mounted, could cause a denial of service or possibly execute arbitrary code. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

*Credits: N/A

CVSS Scores

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

Single

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:Track*

Exploitation

None

Automatable

Tech. Impact

Total

* Organization's Worst-case Scenario

Timeline

2024-10-21 CVE Reserved
2024-11-05 CVE Published
2024-12-19 CVE Updated
2025-03-18 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-416: Use After Free

CAPEC

References (7)

URL	Tag	Source
https://git.kernel.org/stable/c/ccf74f2390d60a2f9a75ef496d2564abb478f46a	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/876ac72d535fa94f4ac57bba651987c6f990f646	2024-11-01
https://git.kernel.org/stable/c/14bcb721d241e62fdd18f6f434a2ed2ab6e71a9b	2024-11-01
https://git.kernel.org/stable/c/d75aad1d3143ca68cda52ff80ac392e1bbd84325	2024-11-01
https://git.kernel.org/stable/c/246b435ad668596aa0e2bbb9d491b6413861211a	2024-10-23

URL	Date	SRC
https://access.redhat.com/security/cve/CVE-2024-50124	2024-12-19
https://bugzilla.redhat.com/show_bug.cgi?id=2323944	2024-12-19

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.0 < 6.1.115 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.0 < 6.1.115"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.0 < 6.6.59 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.0 < 6.6.59"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.0 < 6.11.6 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.0 < 6.11.6"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.0 < 6.12 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.0 < 6.12"		en		Affected