PT-2024-4113 · Linux+7 · Linux Kernel+7
Luiz Augusto Von Dentz +1 · Published 2024-05-14 · Updated 2026-03-14 · CVE-2024-36968
CVSS v3.1: 6.5 (Medium)
| Vector | AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 6.6.37
Description
The issue is related to a div-by-zero and integer overflow vulnerability in the l2cap_le_flowctl_init() function. This vulnerability can be caused by an invalid hdev->le_mtu value. To fix this, the MTU is moved from hci_dev to hci_conn to validate it and stop the connection process earlier if it is invalid. Additionally, a missing validation in read_buffer_size() is added to return an error value if the validation fails. The hci_conn_add() function now returns ERR_PTR() as it can fail due to a kzalloc failure or an invalid MTU value.
Recommendations
To resolve the issue, update the Linux kernel to version 6.6.37 or later. As a temporary workaround, consider disabling the l2cap_le_flowctl_init() function until a patch is available. Restrict access to the vulnerable module to minimize the risk of exploitation. Avoid using the hdev->le_mtu parameter in the affected API endpoint until the issue is resolved.
Exploit
Fix
DoS
RCE
Integer Overflow
Divide By Zero
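The fix pattern from the Description (validate the MTU when the connection object is created, and report failure through an error pointer), as an added user-space model that is not the kernel's code. Every `model_*` name, both constants and the credit arithmetic are assumptions made for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>

/* Both constants are assumptions of this model, not values from the page. */
#define MODEL_HDR_SIZE   4u
#define MODEL_MIN_LE_MTU 27u

struct model_conn { uint16_t mtu; };

/* User-space stand-ins for the kernel's ERR_PTR()/PTR_ERR()/IS_ERR(). */
static void *model_err_ptr(long err) { return (void *)(intptr_t)err; }
static long model_ptr_err(const void *p) { return (long)(intptr_t)p; }
static int model_is_err(const void *p) { return (uintptr_t)p >= (uintptr_t)-4095; }

/* Validate the controller-reported MTU when the connection object is
 * created, so a bad value stops the connection before any arithmetic. */
struct model_conn *model_conn_add(uint16_t le_mtu)
{
    struct model_conn *conn;

    if (le_mtu < MODEL_MIN_LE_MTU)
        return model_err_ptr(-ECONNREFUSED);   /* invalid MTU */
    conn = calloc(1, sizeof(*conn));
    if (!conn)
        return model_err_ptr(-ENOMEM);         /* allocation failure */
    conn->mtu = le_mtu;
    return conn;
}

/* Assumed credit arithmetic: without the guard, mtu == 0 wraps the
 * 16-bit subtraction and mtu == header size makes the divisor zero. */
int model_flowctl_init(const struct model_conn *conn, uint16_t imtu,
                       uint16_t *rx_credits)
{
    uint16_t payload, mps;
    unsigned int credits;

    if (conn->mtu <= MODEL_HDR_SIZE || imtu == 0)
        return -EINVAL;
    payload = (uint16_t)(conn->mtu - MODEL_HDR_SIZE);
    mps = imtu < payload ? imtu : payload;
    credits = imtu / mps + 1u;
    *rx_credits = credits > UINT16_MAX ? UINT16_MAX : (uint16_t)credits;
    return 0;
}
```

Callers must test the result of `model_conn_add()` with `model_is_err()` rather than comparing it to NULL, which is the same change in calling convention the Description notes for hci_conn_add().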
Related Identifiers
Affected Products
Alt Linux
Astra Linux
Debian
Linuxmint
Linux Kernel
Red Hat
Suse
Ubuntu