GHSA-3Q8W-82VQ-P7RQ
Vulnerability from github – Published: 2024-07-30 09:32 – Updated: 2024-12-11 15:31In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: ISO: Check socket flag instead of hcon
This fixes the following Smatch static checker warning:
net/bluetooth/iso.c:1364 iso_sock_recvmsg() error: we previously assumed 'pi->conn->hcon' could be null (line 1359)
net/bluetooth/iso.c 1347 static int iso_sock_recvmsg(struct socket sock, struct msghdr msg, 1348 size_t len, int flags) 1349 { 1350 struct sock sk = sock->sk; 1351 struct iso_pinfo pi = iso_pi(sk); 1352 1353 BT_DBG("sk %p", sk); 1354 1355 if (test_and_clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) { 1356 lock_sock(sk); 1357 switch (sk->sk_state) { 1358 case BT_CONNECT2: 1359 if (pi->conn->hcon && ^^^^^^^^^^^^^^ If ->hcon is NULL
1360 test_bit(HCI_CONN_PA_SYNC, &pi->conn->hcon->flags)) { 1361 iso_conn_big_sync(sk); 1362 sk->sk_state = BT_LISTEN; 1363 } else { --> 1364 iso_conn_defer_accept(pi->conn->hcon); ^^^^^^^^^^^^^^ then we're toast
1365 sk->sk_state = BT_CONFIG; 1366 } 1367 release_sock(sk); 1368 return 0; 1369 case BT_CONNECTED: 1370 if (test_bit(BT_SK_PA_SYNC,
{
"affected": [],
"aliases": [
"CVE-2024-42141"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-07-30T08:15:05Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: ISO: Check socket flag instead of hcon\n\nThis fixes the following Smatch static checker warning:\n\nnet/bluetooth/iso.c:1364 iso_sock_recvmsg()\nerror: we previously assumed \u0027pi-\u003econn-\u003ehcon\u0027 could be null (line 1359)\n\nnet/bluetooth/iso.c\n1347 static int iso_sock_recvmsg(struct socket *sock, struct msghdr *msg,\n1348 size_t len, int flags)\n1349 {\n1350 struct sock *sk = sock-\u003esk;\n1351 struct iso_pinfo *pi = iso_pi(sk);\n1352\n1353 BT_DBG(\"sk %p\", sk);\n1354\n1355 if (test_and_clear_bit(BT_SK_DEFER_SETUP,\n \u0026bt_sk(sk)-\u003eflags)) {\n1356 lock_sock(sk);\n1357 switch (sk-\u003esk_state) {\n1358 case BT_CONNECT2:\n1359 if (pi-\u003econn-\u003ehcon \u0026\u0026\n ^^^^^^^^^^^^^^ If -\u003ehcon is NULL\n\n1360 test_bit(HCI_CONN_PA_SYNC,\n \u0026pi-\u003econn-\u003ehcon-\u003eflags)) {\n1361 iso_conn_big_sync(sk);\n1362 sk-\u003esk_state = BT_LISTEN;\n1363 } else {\n--\u003e 1364 iso_conn_defer_accept(pi-\u003econn-\u003ehcon);\n ^^^^^^^^^^^^^^\n then we\u0027re toast\n\n1365 sk-\u003esk_state = BT_CONFIG;\n1366 }\n1367 release_sock(sk);\n1368 return 0;\n1369 case BT_CONNECTED:\n1370 if (test_bit(BT_SK_PA_SYNC,",
"id": "GHSA-3q8w-82vq-p7rq",
"modified": "2024-12-11T15:31:15Z",
"published": "2024-07-30T09:32:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-42141"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/045669710464a21c67e690ef14698fd71857cb11"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/33fabef489169c6db87843ef23351ed0d5e51ad8"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/596b6f081336e77764ca35cfeab66d0fcdbe544e"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.