Bugzilla – Bug 1219609
VUL-0: CVE-2024-24858: kernel-source,kernel-source-azure,kernel-source-rt: race condition net/bluetooth in {conn,adv}_{min,max}_interval_set() function
Last modified: 2024-07-03 13:41:04 UTC
A race condition was found in the Linux kernel's net/bluetooth in the {conn,adv}_{min,max}_interval_set() functions. This can result in an L2CAP connection or broadcast abnormality issue, possibly leading to denial of service.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-24858
https://www.cve.org/CVERecord?id=CVE-2024-24858
https://bugzilla.openanolis.cn/show_bug.cgi?id=8154
Patch (not merged yet): https://marc.info/?l=linux-bluetooth&m=170326157825132&w=2
If the Fixes commit mentioned in the current patch is correct, the following will be affected:
- SLE15-SP6
- cve/linux-4.12
- cve/linux-4.4
- cve/linux-5.14
- cve/linux-5.3
- stable
The offending commit is:

commit 18f81241b74fb49d576c83fbbab9a0b6e3bb20d4
Author: Marcel Holtmann <marcel@holtmann.org>
Date:   Sat Jan 25 09:19:51 2020 +0100

    Bluetooth: Move {min,max}_key_size debugfs into hci_debugfs_create_le

which was introduced in v5.10-rc1. So older kernel versions should not be affected. If I didn't make a mistake here, please update the page accordingly.
https://www.suse.com/security/cve/CVE-2024-24858.html
Please ignore my previous comment. The patch submitter sent a series of patches upstream and only one of them was merged into mainline. I thought it was for this CVE, but it turns out not to be. The problem is that we have a customer requesting the fix for SLE12SP5 now. I wonder if we can provide a PTF based on the patch in comment 1.
AFAIK, no SLE release enables CONFIG_BT_DEBUGFS, hence we aren't affected.
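The affected interval_set() handlers are debugfs attributes, so a kernel only exposes them when CONFIG_BT_DEBUGFS is enabled. The following is an added helper, not part of the bug report, for checking that condition against a kernel config file and, optionally, the running system; the config paths and the debugfs mount point are assumptions about a typical distribution layout.

```shell
#!/bin/sh
# Added example: decide whether a kernel build exposes the Bluetooth debugfs
# attributes (conn_min_interval etc.) touched by CVE-2024-24858.

# Print a kernel config file, transparently decompressing /proc/config.gz style files.
read_kernel_config() {
    case "$1" in
        *.gz) zcat "$1" ;;
        *)    cat "$1" ;;
    esac
}

# Exit status 0 when CONFIG_BT_DEBUGFS=y is set in the given config, 1 otherwise.
# A line "# CONFIG_BT_DEBUGFS is not set" or a missing symbol both mean "not exposed".
bt_debugfs_enabled() {
    read_kernel_config "$1" | grep -q '^CONFIG_BT_DEBUGFS=y$'
}

# Locate the running kernel's config (assumed locations: /boot, then /proc).
running_kernel_config() {
    for f in "/boot/config-$(uname -r)" /proc/config.gz; do
        [ -r "$f" ] && { printf '%s\n' "$f"; return 0; }
    done
    return 1
}

# Runtime check: with debugfs mounted and a controller present, the attribute
# is visible under /sys/kernel/debug/bluetooth/hciN/ (path is an assumption).
bt_debugfs_attrs_visible() {
    set -- /sys/kernel/debug/bluetooth/hci*/conn_min_interval
    [ -e "$1" ]
}

# Constructed sample configs so the helper can be exercised offline.
SAMPLE_DIR=$(mktemp -d)
printf 'CONFIG_BT=m\nCONFIG_BT_DEBUGFS=y\n' > "$SAMPLE_DIR/config-enabled"
printf 'CONFIG_BT=m\n# CONFIG_BT_DEBUGFS is not set\n' > "$SAMPLE_DIR/config-disabled"

if cfg=$(running_kernel_config); then
    if bt_debugfs_enabled "$cfg"; then
        echo "$cfg: CONFIG_BT_DEBUGFS=y, debugfs interval handlers are built in"
    else
        echo "$cfg: CONFIG_BT_DEBUGFS not set, affected handlers are not compiled"
    fi
fi
```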
All done, closing.