PT-2024-10465 · Linux+5 · Linux Kernel+5

Published

2024-07-30

·

Updated

2025-09-29

·

CVE-2024-42133

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.6.43
Description The issue is related to the Bluetooth component in the Linux kernel, where improper input validation can lead to a denial of service. Specifically, the hci le big sync established evt function needs to ignore too large handle values to prevent erroneous release of ida in hci conn cleanup. This can cause issues when the handle value belongs to the ida id range.
Recommendations To resolve the issue, update to Linux kernel version 6.6.43 or later. As a temporary workaround, consider restricting access to the Bluetooth functionality until a patch is available.

Exploit

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

ALSA-2025_12746
ALSA-2025_12752
ALSA-2025_12753
ALSA-2025_16880
BDU:2025-01005
CVE-2024-42133
INFSA-2025_6966
MGASA-2024-0277
MGASA-2024-0278
OESA-2024-2076
OPENSUSE-SU-2024_3880-1
OPENSUSE-SU-2024_3881-1
OPENSUSE-SU-2024_3882-1
OPENSUSE-SU-2024_4208-1
OPENSUSE-SU-2024_4209-1
OPENSUSE-SU-2025_0187-1
OPENSUSE-SU-2025_0188-1
OPENSUSE-SU-2025_0255-1
OPENSUSE-SU-2025_0262-1
RHSA-2025:6966
RHSA-2025_6966
SUSE-SU-2024:3194-1
SUSE-SU-2024:3195-1
SUSE-SU-2024:3383-1
SUSE-SU-2024:3834-1
SUSE-SU-2024:3880-1
SUSE-SU-2024:3881-1
SUSE-SU-2024:3882-1
SUSE-SU-2024:4208-1
SUSE-SU-2024:4209-1
SUSE-SU-2025:0187-1
SUSE-SU-2025:0188-1
SUSE-SU-2025:0255-1
SUSE-SU-2025:0262-1
SUSE-SU-2025:20044-1
SUSE-SU-2025:20047-1
USN-7089-1
USN-7089-2
USN-7089-3
USN-7089-4
USN-7089-5
USN-7089-6
USN-7089-7
USN-7090-1
USN-7095-1
USN-7156-1

Affected Products

Linuxmint
Linux Kernel
Red Hat
Red Os
Suse
Ubuntu