CVE-2024-56605

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.6.74

Description The issue is related to the Bluetooth L2CAP protocol in the Linux kernel. Specifically, in the l2cap sock create() function, a dangling pointer to the sk object may be left attached to the sock object when an error occurs during bt sock alloc(). This can lead to a use-after-free condition in other parts of the code. The bt sock alloc() function allocates the sk object and attaches it to the provided sock object. However, when an error occurs, l2cap sock alloc() frees the sk object, but the dangling pointer remains attached to the sock object.

Recommendations For Linux kernel versions prior to 6.6.74, update to version 6.6.74 or later to resolve the issue. As a temporary workaround, consider disabling Bluetooth functionality until a patch is available. Restrict access to the l2cap sock create() function to minimize the risk of exploitation. Avoid using the bt sock alloc() function in error-prone code paths until the issue is resolved.