PT-2024-10131 · Linux+4 · Linux Kernel+4
Published
2024-12-12
·
Updated
2025-10-03
·
CVE-2024-56653
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 6.6.74
Description
The issue is related to a use-after-free vulnerability in the
btmtk process coredump() function in the Linux kernel's Bluetooth module. This vulnerability can be exploited to impact the confidentiality, integrity, and availability of protected information. The vulnerability occurs when hci devcd append may lead to the release of the skb, making it inaccessible once it is called. The estimated number of potentially affected devices worldwide is not specified.Technical details about exploitation include:
- The vulnerable function is
btmtk process coredump(). - The
hci devcd appendfunction may cause the release of theskb. - To fix the issue, it is suggested to check if
hci devcd completeneeds to be called beforehci devcd append, and to checkdata->cd info.cnt >= MTK COREDUMP NUMinstead ofdata->cd info.cnt > MTK COREDUMP NUM.
Recommendations
- Update to Linux kernel version 6.6.74 or later to resolve the issue.
- As a temporary workaround, consider restricting access to the vulnerable Bluetooth module until a patch is available.
- At the moment, there is no other information about additional mitigation measures.
Exploit
Fix
Use After Free
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Linuxmint
Linux Kernel
Red Hat
Ubuntu