CVE-2020-35499

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.11

Description: A NULL pointer dereference flaw may occur in the sco sock getsockopt function in net/bluetooth/sco.c due to the lack of a sanity check for a socket connection when using BT SNDMTU/BT RCVMTU for SCO sockets. This could allow a local attacker with special user privileges to crash the system or leak kernel internal information.

Recommendations: For Linux kernel versions prior to 5.11, consider disabling the sco sock getsockopt function as a temporary workaround until a patch is available. Restrict access to the net/bluetooth/sco.c module to minimize the risk of exploitation. Avoid using the BT SNDMTU/BT RCVMTU options for SCO sockets until the issue is resolved. Update to a version 5.11 or later to fully resolve the issue.