Bugzilla – Full Text Bug Listing
| Summary: | VUL-0: CVE-2024-24858: kernel-source,kernel-source-azure,kernel-source-rt: race condition net/bluetooth in {conn,adv}_{min,max}_interval_set() function | ||
|---|---|---|---|
| Product: | [Novell Products] SUSE Security Incidents | Reporter: | SMASH SMASH <smash_bz> |
| Component: | Incidents | Assignee: | Security Team bot <security-team> |
| Status: | RESOLVED FIXED | QA Contact: | Security Team bot <security-team> |
| Severity: | Normal | ||
| Priority: | P3 - Medium | CC: | carlos.lopez, lidong.zhong, meissner, mhocko, thomas.leroy, tiwai, vasant.karasulli |
| Version: | unspecified | ||
| Target Milestone: | --- | ||
| Hardware: | Other | ||
| OS: | Other | ||
| URL: | https://smash.suse.de/issue/393024/ | ||
| Whiteboard: | CVSSv3.1:SUSE:CVE-2024-24858:5.3:(AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H) | ||
| Found By: | Security Response Team | Services Priority: | |
| Business Priority: | Blocker: | --- | |
| Marketing QA Status: | --- | IT Deployment: | --- |
Patch (not merged yet): https://marc.info/?l=linux-bluetooth&m=170326157825132&w=2

If the Fixes commit mentioned in the current patch is correct, the following will be affected:
- SLE15-SP6
- cve/linux-4.12
- cve/linux-4.4
- cve/linux-5.14
- cve/linux-5.3
- stable

The offending commit is:

commit 18f81241b74fb49d576c83fbbab9a0b6e3bb20d4
Author: Marcel Holtmann <marcel@holtmann.org>
Date: Sat Jan 25 09:19:51 2020 +0100

    Bluetooth: Move {min,max}_key_size debugfs into hci_debugfs_create_le

which is introduced in v5.10-rc1. So older kernel versions should not be affected. If I didn't make a mistake here, please update the page accordingly.
https://www.suse.com/security/cve/CVE-2024-24858.html

Please ignore my previous comment. The patch submitter sent a series of patches to upstream and only one of them is merged into mainline. I thought it's for this CVE but it turns out not. The problem is we have a customer requesting the fix for SLE12SP5 now. I wonder if we can provide PTF based on the patch in comment 1.

AFAIK, all SLE releases don't enable CONFIG_BT_DEBUGFS, hence we aren't affected.

All done, closing.
A race condition was found in the Linux kernel's net/bluetooth in {conn,adv}_{min,max}_interval_set() function. This can result in l2cap connection or broadcast abnormality issue, possibly leading to denial of service.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-24858
https://www.cve.org/CVERecord?id=CVE-2024-24858
https://bugzilla.openanolis.cn/show_bug.cgi?id=8154
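The comment above closes the bug on the grounds that kernels built without CONFIG_BT_DEBUGFS are not affected. The following is an added example, not part of the original bug report or any SUSE tooling, that checks a kernel config for that option; the function names, the config file locations tried, and the sample configs are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: report whether a kernel config enables CONFIG_BT_DEBUGFS.

# Classify a kernel config read from stdin: enabled | disabled | absent.
# BT_DEBUGFS is a bool option, so "=y" is the only enabled form; if the
# symbol appears more than once, the last occurrence wins. "absent" means
# the option was not offered at all, so it is not built in that case either.
bt_debugfs_state() {
    awk '
        /^CONFIG_BT_DEBUGFS=y/              { state = "enabled" }
        /^# CONFIG_BT_DEBUGFS is not set/   { state = "disabled" }
        END { print (state == "" ? "absent" : state) }
    '
}

# Print the running kernel config from the usual locations, or fail.
running_kernel_config() {
    rel=$(uname -r)
    if [ -r /proc/config.gz ]; then
        gzip -dc /proc/config.gz
    elif [ -r "/boot/config-$rel" ]; then
        cat "/boot/config-$rel"
    elif [ -r "/lib/modules/$rel/config" ]; then
        cat "/lib/modules/$rel/config"
    else
        return 1
    fi
}

# Report on the running kernel; "unknown" means no config was readable.
report_running_kernel() {
    if cfg=$(running_kernel_config 2>/dev/null); then
        state=$(printf '%s\n' "$cfg" | bt_debugfs_state)
    else
        state=unknown
    fi
    printf 'CONFIG_BT_DEBUGFS on %s: %s\n' "$(uname -r)" "$state"
}

# Constructed sample configs (not taken from any real SUSE kernel).
sample_on='CONFIG_BT=m
CONFIG_BT_DEBUGFS=y'
sample_off='CONFIG_BT=m
# CONFIG_BT_DEBUGFS is not set'

printf 'sample_on:  %s\n' "$(printf '%s\n' "$sample_on" | bt_debugfs_state)"
printf 'sample_off: %s\n' "$(printf '%s\n' "$sample_off" | bt_debugfs_state)"
report_running_kernel
```

A result of `enabled` means the debugfs setters named in the bug summary are compiled in, so that kernel needs the fix tracked here; `unknown` means the config has to be obtained from the kernel package instead.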