CVE-2024-22099

Name of the Vulnerable Software and Affected Versions Linux kernel version v2.6.12-rc2

Description The issue is related to a NULL Pointer Dereference vulnerability in the Linux kernel, specifically in the net and bluetooth modules. This vulnerability is associated with program files /net/bluetooth/rfcomm/core.C and allows for Overflow Buffers. The rfcomm check security() function is mentioned as being related to the vulnerability, which is associated with a null pointer dereference. This could potentially allow an attacker to cause a denial of service.

Recommendations To resolve the issue for Linux kernel version v2.6.12-rc2, update to a version newer than v2.6.12-rc2, as upstream kernel version 6.6.28 is mentioned to fix bugs and vulnerabilities. As a temporary workaround, consider disabling the rfcomm check security() function until a patch is available. Restrict access to the vulnerable module net/bluetooth/rfcomm/core.C to minimize the risk of exploitation.