Aaron Thompson

#21747of 53,634
11Total CVSS
Vulnerabilities · 2
Medium
2
PT-2024-33909
5.5
2024-10-28
Linux · Linux Kernel · CVE-2024-50077
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to the fixed version Description: The issue arises when `bt debugfs` is not created successfully due to either `CONFIG DEBUG FS` or `CONFIG DEBUG FS ALLOW ALL` being unset. This leads to `iso init()` returning early without setting `iso inited` to true, resulting in duplicate calls to `proto register()`, `bt sock register()`, etc. when `iso init()` is called subsequently. With `CONFIG LIST HARDENED` and `CONFIG BUG ON DATA CORRUPTION` enabled, the duplicate call to `proto register()` triggers a bug. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited. Recommendations: To resolve the issue, update the Linux kernel to a version that includes the fix for this problem. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2024-33910
5.5
2024-10-28
Linux · Linux Kernel · CVE-2024-50078
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.10.11-4+bt2-ao-desktop Description: The issue arises when the `iso init()` function is called without a corresponding call to `iso exit()` on module unload. This causes the `struct proto` registered with `proto register()` to become invalid, potentially leading to unpredictable problems. In cases where `CONFIG LIST HARDENED` and `CONFIG BUG ON DATA CORRUPTION` are enabled, reloading the module may trigger a bug due to `list add` corruption. Recommendations: For Linux kernel versions prior to 6.10.11-4+bt2-ao-desktop, ensure that `iso exit()` is called on module unload if `iso init()` has been called. As a temporary workaround, consider disabling the `bt init()` function until a patch is available. Restrict access to the `hci sock init()` function to minimize the risk of exploitation. Avoid using the `proto register()` function in the affected Bluetooth module until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.