PT-2024-3619 · Linux+9 · Linux Kernel+9
Published: 2024-05-03 · Updated: 2025-09-29
CVE-2024-27399
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions:
Linux kernel versions prior to 6.9.0-rc5-00356-g78c0094a146b
Description:
The issue is a null pointer dereference in the Linux kernel's Bluetooth subsystem, specifically in the l2cap_chan_timeout function. The bug is caused by a race condition between l2cap_chan_timeout and l2cap_chan_del: chan->conn is set to NULL when the channel is deleted, but it can still be dereferenced by the mutex lock in l2cap_chan_timeout. The KASAN report triggered by the Proof of Concept (POC) shows the null pointer dereference error.
Recommendations:
To resolve this issue, update the Linux kernel to a version that includes the fix for the null pointer dereference bug in the l2cap_chan_timeout function. As a temporary workaround, consider disabling the Bluetooth functionality until a patch is available.
Exploit
Fix
NULL Pointer Dereference
Race Condition
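The ordering described in the Description, as a simplified user-space model with the guard that keeps a timeout handler from touching a NULL conn. This is an added example, not kernel code and not the upstream patch; the struct layouts, function names and the integer standing in for the mutex are assumptions made for illustration.

```c
/* User-space model of the timeout-vs-delete ordering (illustrative names only).
 * The two orderings are replayed sequentially; real concurrency is not modelled. */
#include <stddef.h>
#include <stdio.h>

struct conn { int lock_held; int timeouts_handled; }; /* stands in for the connection and its mutex */
struct chan { struct conn *conn; };

/* Model of channel deletion: the channel is detached from its connection. */
static void chan_del(struct chan *c)
{
    c->conn = NULL;
}

/* Guarded timeout handler: read conn once and return if the channel is gone.
 * An unguarded handler would go straight to conn->lock_held and fault on NULL. */
static int chan_timeout(struct chan *c)
{
    struct conn *conn = c->conn;

    if (!conn)
        return -1;            /* channel was deleted before the timer ran */

    conn->lock_held = 1;      /* models taking the lock that lives inside conn */
    conn->timeouts_handled++;
    conn->lock_held = 0;
    return 0;
}

/* Replays one ordering: deletion before the timeout (1) or no deletion (0). */
static int replay(int delete_first)
{
    struct conn k = { 0, 0 };
    struct chan c = { &k };

    if (delete_first)
        chan_del(&c);
    return chan_timeout(&c);
}

int main(void)
{
    printf("timeout on live channel:    %d\n", replay(0));
    printf("timeout after chan delete:  %d\n", replay(1));
    return 0;
}
```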
Affected Products
AlmaLinux
Astra Linux
CentOS
Linux Mint
Linux Kernel
Red Hat
RED OS
Rocky Linux
SUSE
Ubuntu