FKIE_CVE-2024-42141

Vulnerability from fkie_nvd - Published: 2024-07-30 08:15 - Updated: 2026-06-17 07:48
Severity
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: ISO: Check socket flag instead of hcon This fixes the following Smatch static checker warning: net/bluetooth/iso.c:1364 iso_sock_recvmsg() error: we previously assumed 'pi->conn->hcon' could be null (line 1359) net/bluetooth/iso.c 1347 static int iso_sock_recvmsg(struct socket *sock, struct msghdr *msg, 1348 size_t len, int flags) 1349 { 1350 struct sock *sk = sock->sk; 1351 struct iso_pinfo *pi = iso_pi(sk); 1352 1353 BT_DBG("sk %p", sk); 1354 1355 if (test_and_clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) { 1356 lock_sock(sk); 1357 switch (sk->sk_state) { 1358 case BT_CONNECT2: 1359 if (pi->conn->hcon && ^^^^^^^^^^^^^^ If ->hcon is NULL 1360 test_bit(HCI_CONN_PA_SYNC, &pi->conn->hcon->flags)) { 1361 iso_conn_big_sync(sk); 1362 sk->sk_state = BT_LISTEN; 1363 } else { --> 1364 iso_conn_defer_accept(pi->conn->hcon); ^^^^^^^^^^^^^^ then we're toast 1365 sk->sk_state = BT_CONFIG; 1366 } 1367 release_sock(sk); 1368 return 0; 1369 case BT_CONNECTED: 1370 if (test_bit(BT_SK_PA_SYNC,
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/045669710464a21c67e690ef14698fd71857cb11Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/33fabef489169c6db87843ef23351ed0d5e51ad8Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/596b6f081336e77764ca35cfeab66d0fcdbe544ePatch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/045669710464a21c67e690ef14698fd71857cb11Patch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/33fabef489169c6db87843ef23351ed0d5e51ad8Patch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/596b6f081336e77764ca35cfeab66d0fcdbe544ePatch
Impacted products
Vendor Product Version
linux linux_kernel *
linux linux_kernel *
linux linux_kernel *
linux linux_kernel 6.10
linux linux_kernel 6.10
linux linux_kernel 6.10
linux linux_kernel 6.10
linux linux_kernel 6.10
linux linux_kernel 6.10
To clipboard 

{
  "affected": [
    {
      "affectedData": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/bluetooth/iso.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "045669710464a21c67e690ef14698fd71857cb11",
              "status": "affected",
              "version": "fbdc4bc47268953c80853489f696e02d61f9a2c6",
              "versionType": "git"
            },
            {
              "lessThan": "33fabef489169c6db87843ef23351ed0d5e51ad8",
              "status": "affected",
              "version": "fbdc4bc47268953c80853489f696e02d61f9a2c6",
              "versionType": "git"
            },
            {
              "lessThan": "596b6f081336e77764ca35cfeab66d0fcdbe544e",
              "status": "affected",
              "version": "fbdc4bc47268953c80853489f696e02d61f9a2c6",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "c03a10bd5b6ccb22921e04bcddc987410df7e7a9",
              "versionType": "git"
            },
            {
              "lessThan": "6.6",
              "status": "affected",
              "version": "6.5.12",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/bluetooth/iso.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.6"
            },
            {
              "lessThan": "6.6",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.39",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.9",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AFD63F94-BD00-4EF2-9873-45E8DED18B9A",
              "versionEndExcluding": "6.6",
              "versionStartIncluding": "6.5.12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "00F6F32E-C522-4E2D-BA6B-B110CFD4B83F",
              "versionEndExcluding": "6.6.39",
              "versionStartIncluding": "6.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "ADCC1407-0CB3-4C8F-B4C5-07F682CD7085",
              "versionEndExcluding": "6.9.9",
              "versionStartIncluding": "6.7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "2EBB4392-5FA6-4DA9-9772-8F9C750109FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "331C2F14-12C7-45D5-893D-8C52EE38EA10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "3173713D-909A-4DD3-9DD4-1E171EB057EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "79F18AFA-40F7-43F0-BA30-7BDB65F918B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "BD973AA4-A789-49BD-8D57-B2846935D3C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc6:*:*:*:*:*:*",
              "matchCriteriaId": "8F3E9E0C-AC3E-4967-AF80-6483E8AB0078",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: ISO: Check socket flag instead of hcon\n\nThis fixes the following Smatch static checker warning:\n\nnet/bluetooth/iso.c:1364 iso_sock_recvmsg()\nerror: we previously assumed \u0027pi-\u003econn-\u003ehcon\u0027 could be null (line 1359)\n\nnet/bluetooth/iso.c\n1347 static int iso_sock_recvmsg(struct socket *sock, struct msghdr *msg,\n1348                             size_t len, int flags)\n1349 {\n1350         struct sock *sk = sock-\u003esk;\n1351         struct iso_pinfo *pi = iso_pi(sk);\n1352\n1353         BT_DBG(\"sk %p\", sk);\n1354\n1355         if (test_and_clear_bit(BT_SK_DEFER_SETUP,\n                                      \u0026bt_sk(sk)-\u003eflags)) {\n1356                 lock_sock(sk);\n1357                 switch (sk-\u003esk_state) {\n1358                 case BT_CONNECT2:\n1359                         if (pi-\u003econn-\u003ehcon \u0026\u0026\n                                     ^^^^^^^^^^^^^^ If -\u003ehcon is NULL\n\n1360                             test_bit(HCI_CONN_PA_SYNC,\n                                         \u0026pi-\u003econn-\u003ehcon-\u003eflags)) {\n1361                                 iso_conn_big_sync(sk);\n1362                                 sk-\u003esk_state = BT_LISTEN;\n1363                         } else {\n--\u003e 1364                         iso_conn_defer_accept(pi-\u003econn-\u003ehcon);\n                                                       ^^^^^^^^^^^^^^\n                                                       then we\u0027re toast\n\n1365                                 sk-\u003esk_state = BT_CONFIG;\n1366                         }\n1367                         release_sock(sk);\n1368                         return 0;\n1369                 case BT_CONNECTED:\n1370                         if (test_bit(BT_SK_PA_SYNC,"
    },
    {
      "lang": "es",
      "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: Bluetooth: ISO: Verifique el indicador de socket en lugar de hcon. Esto corrige la siguiente advertencia del verificador est\u00e1tico de Smatch: net/bluetooth/iso.c:1364 iso_sock_recvmsg() error: previamente asumimos \u0027pi -\u0026gt;conn-\u0026gt;hcon\u0027 podr\u00eda ser nulo (l\u00ednea 1359) net/bluetooth/iso.c 1347 static int iso_sock_recvmsg(struct socket *sock, struct msghdr *msg, 1348 size_t len, int flags) 1349 { 1350 struct sock *sk = calcet\u00edn-\u0026gt;sk; 1351 estructura iso_pinfo *pi = iso_pi(sk); 1352 1353 BT_DBG(\"sk%p\",sk); 1354 1355 if (test_and_clear_bit(BT_SK_DEFER_SETUP, \u0026amp;bt_sk(sk)-\u0026gt;flags)) { 1356 lock_sock(sk); 1357 interruptor (sk-\u0026gt;sk_state) { 1358 caso BT_CONNECT2: 1359 si (pi-\u0026gt;conn-\u0026gt;hcon \u0026amp;\u0026amp; ^^^^^^^^^^^^^^ Si -\u0026gt;hcon es NULL 1360 test_bit(HCI_CONN_PA_SYNC, \u0026amp;pi -\u0026gt;conn-\u0026gt;hcon-\u0026gt;flags)) { 1361 iso_conn_big_sync(sk); 1362 sk-\u0026gt;sk_state = BT_LISTEN; 1363 } else { --\u0026gt; 1364 iso_conn_defer_accept(pi-\u0026gt;conn-\u0026gt;hcon); ^^^^^^^^^^^^^^ entonces estamos 1365 sk-\u0026gt;sk_state = BT_CONFIG; 1366 } 1367 liberaci\u00f3n_sock(sk); 1368 devuelve 0; 1369 caso BT_CONNECTED: 1370 si (test_bit(BT_SK_PA_SYNC,"
    }
  ],
  "id": "CVE-2024-42141",
  "lastModified": "2026-06-17T07:48:55.127",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ],
    "ssvcV203": [
      {
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "ssvcData": {
          "id": "CVE-2024-42141",
          "options": [
            {
              "exploitation": "none"
            },
            {
              "automatable": "no"
            },
            {
              "technicalImpact": "partial"
            }
          ],
          "role": "CISA Coordinator",
          "timestamp": "2024-09-10T16:15:53.613577Z",
          "version": "2.0.3"
        }
      }
    ]
  },
  "published": "2024-07-30T08:15:05.917",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/045669710464a21c67e690ef14698fd71857cb11"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/33fabef489169c6db87843ef23351ed0d5e51ad8"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/596b6f081336e77764ca35cfeab66d0fcdbe544e"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/045669710464a21c67e690ef14698fd71857cb11"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/33fabef489169c6db87843ef23351ed0d5e51ad8"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/596b6f081336e77764ca35cfeab66d0fcdbe544e"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-476"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.





Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.