CVE-2024-50125
Bluetooth: SCO: Fix UAF on sco_sock_timeout
Severity Score
"-"
*CVSS v-
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: SCO: Fix UAF on sco_sock_timeout
conn->sk maybe have been unlinked/freed while waiting for sco_conn_lock
so this checks if the conn->sk is still valid by checking if it part of
sco_sk_list.
En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: Bluetooth: SCO: Se corrige que UAF en sco_sock_timeout conn->sk pueda haberse desvinculado/liberado mientras se esperaba sco_conn_lock, por lo que esto verifica si conn->sk aún es válido verificando si es parte de sco_sk_list.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2024-10-21 CVE Reserved
- 2024-11-05 CVE Published
- 2024-11-05 CVE Updated
- 2024-11-06 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (11)
| URL | Tag | Source |
|---|---|---|
| https://git.kernel.org/stable/c/ba316be1b6a00db7126ed9a39f9bee434a508043 | Vuln. Introduced | |
| https://git.kernel.org/stable/c/fea63ccd928c01573306983346588b26cffb5572 | Vuln. Introduced | |
| https://git.kernel.org/stable/c/48669c81a65628ef234cbdd91b9395952c7c27fe | Vuln. Introduced | |
| https://git.kernel.org/stable/c/37d7ae2b0578f2373674a755402ee722e96edc08 | Vuln. Introduced | |
| https://git.kernel.org/stable/c/a1073aad497d0d071a71f61b721966a176d50c08 | Vuln. Introduced | |
| https://git.kernel.org/stable/c/ec1f74319bb35c1c90c25014ec0f6ea6c3ca2134 | Vuln. Introduced | |
| https://git.kernel.org/stable/c/b657bba82ff6a007d84fd076bd73b11131726a2b | Vuln. Introduced |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.15 < 6.1.115 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.15 < 6.1.115" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.15 < 6.6.59 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.15 < 6.6.59" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.15 < 6.11.6 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.15 < 6.11.6" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.15 < 6.12-rc5 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.15 < 6.12-rc5" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 4.14.263 Search vendor "Linux" for product "Linux Kernel" and version "4.14.263" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 4.19.207 Search vendor "Linux" for product "Linux Kernel" and version "4.19.207" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 5.4.148 Search vendor "Linux" for product "Linux Kernel" and version "5.4.148" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 5.10.67 Search vendor "Linux" for product "Linux Kernel" and version "5.10.67" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 5.13.19 Search vendor "Linux" for product "Linux Kernel" and version "5.13.19" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 5.14.6 Search vendor "Linux" for product "Linux Kernel" and version "5.14.6" | en |
Affected
| ||||||