PT-2024-4093 · Linux+5 · Linux Kernel+5
Sungwoo Kim
·
Published
2024-05-03
·
Updated
2026-05-26
·
CVE-2024-36013
CVSS v3.1
6.8
Medium
| Vector | AV:A/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)
Description
The issue is related to a slab-use-after-free vulnerability in the
l2cap connect() function. This vulnerability can be exploited due to a race condition, allowing an attacker to potentially impact the confidentiality, integrity, and availability of protected information. The vulnerability occurs when the chan variable is freed early, and then its memory is accessed again, leading to a use-after-free condition. The l2cap connect() function is used in the Bluetooth L2CAP protocol implementation.Technical details about exploitation include:
- The
l2cap bredr sig cmdfunction callsl2cap connect(), which allocates memory for thechanvariable. - The
l2cap conn delfunction frees thechanvariable, but due to the race condition, the memory can be accessed after it has been freed. - The vulnerability can be triggered by exploiting the race condition between the allocation and deallocation of the
chanvariable.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
DoS
Race Condition
Use After Free
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Debian
Linuxmint
Linux Kernel
Red Hat
Suse
Ubuntu