CVE-2024-50148

Bluetooth: bnep: fix wild-memory-access in proto_unregister

Severity Score

"-"

*CVSS v-

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: bnep: fix wild-memory-access in proto_unregister

There's issue as follows:
KASAN: maybe wild-memory-access in range [0xdead...108-0xdead...10f]
CPU: 3 UID: 0 PID: 2805 Comm: rmmod Tainted: G W
RIP: 0010:proto_unregister+0xee/0x400
Call Trace:
<TASK>
__do_sys_delete_module+0x318/0x580
do_syscall_64+0xc1/0x1d0
entry_SYSCALL_64_after_hwframe+0x77/0x7f

As bnep_init() ignore bnep_sock_init()'s return value, and bnep_sock_init()
will cleanup all resource. Then when remove bnep module will call
bnep_sock_cleanup() to cleanup sock's resource.
To solve above issue just return bnep_sock_init()'s return value in
bnep_exit().

En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: Bluetooth: bnep: corrige wild-memory-access en proto_unregister Hay un problema como el siguiente: KASAN: tal vez wild-memory-access en el rango [0xdead...108-0xdead...10f] CPU: 3 UID: 0 PID: 2805 Comm: rmmod Tainted: GW RIP: 0010:proto_unregister+0xee/0x400 Seguimiento de llamadas: __do_sys_delete_module+0x318/0x580 do_syscall_64+0xc1/0x1d0 entry_SYSCALL_64_after_hwframe+0x77/0x7f Como bnep_init() ignora el valor de retorno de bnep_sock_init(), y bnep_sock_init() limpiará Todos los recursos. Luego, cuando se elimine el módulo bnep, se llamará a bnep_sock_cleanup() para limpiar el recurso de Sock. Para resolver el problema anterior, simplemente devuelva el valor de retorno de bnep_sock_init() en bnep_exit().

*Credits: N/A

CVSS Scores

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2024-10-21 CVE Reserved
2024-11-07 CVE Published
2024-11-07 CVE Updated
---------- EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (6)

URL	Tag	Source
https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/fa58e23ea1359bd24b323916d191e2e9b4b19783	2024-11-01
https://git.kernel.org/stable/c/03015b6329e6de42f03ec917c25c4cf944f81f66	2024-11-01
https://git.kernel.org/stable/c/d10cd7bf574ead01fae140ce117a11bcdacbe6a8	2024-11-01
https://git.kernel.org/stable/c/20c424bc475b2b2a6e0e2225d2aae095c2ab2f41	2024-11-01
https://git.kernel.org/stable/c/64a90991ba8d4e32e3173ddd83d0b24167a5668c	2024-10-16

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.12 < 5.15.170 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.12 < 5.15.170"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.12 < 6.1.115 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.12 < 6.1.115"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.12 < 6.6.59 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.12 < 6.6.59"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.12 < 6.11.6 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.12 < 6.11.6"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.12 < 6.12-rc4 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.12 < 6.12-rc4"		en		Affected