Bugzilla – Bug 1219612
VUL-0: CVE-2024-24859: kernel-source,kernel-source-azure,kernel-source-rt: race condition in sniff_{min,max}_interval_set() can lead to a kernel panic
Last modified: 2024-04-17 11:31:28 UTC
A race condition was found in the Linux kernel's net/bluetooth in the sniff_{min,max}_interval_set() function. This can result in a Bluetooth sniffing exception issue, possibly leading to denial of service.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-24859
https://www.cve.org/CVERecord?id=CVE-2024-24859
https://bugzilla.openanolis.cn/show_bug.cgi?id=8153
This is similar to da9065caa594 ("Bluetooth: Fix atomicity violation in {min,max}_key_size_set"), but no fix has been merged yet. The patch is on the mailing list: https://marc.info/?l=linux-bluetooth&m=170326263725876&w=2
Introduced in 71c3b60ec6d2 ("Bluetooth: Move BR/EDR debugfs file creation ..."), which is present in:
- cve/linux-4.4
- cve/linux-4.12
- cve/linux-5.3
- cve/linux-5.14
- SLE15-SP6
- stable
- master
Same situation as bug 1219609. Since CONFIG_BT_DEBUGFS is not enabled, we are not affected by this CVE.
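
The atomicity violation discussed in this bug, as an added user-space model (not kernel code and not the patch from the mailing list). It assumes each setter validates the new value against the other bound before taking the lock, the check-then-store shape implied by the comparison to da9065caa594; the struct, function names and the values 80/800/600/400 are constructed for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* User-space stand-in for the two interval fields (constructed, not kernel code). */
struct dev_model { uint16_t sniff_min, sniff_max; };

/* Validation steps: each one reads the bound owned by the *other* setter. */
static int min_check(const struct dev_model *d, uint64_t v)
{ return (v == 0 || v % 2 || v > d->sniff_max) ? -EINVAL : 0; }
static int max_check(const struct dev_model *d, uint64_t v)
{ return (v == 0 || v % 2 || v < d->sniff_min) ? -EINVAL : 0; }

/* Assumed racy shape: validation runs before the lock, so two writers can both
 * pass against stale bounds. Returns 1 if sniff_min <= sniff_max still holds. */
int racy_interleaving(struct dev_model *d, uint64_t new_min, uint64_t new_max)
{
    int a = min_check(d, new_min);              /* writer A: check, no lock */
    int b = max_check(d, new_max);              /* writer B: check, no lock */
    if (!a) d->sniff_min = (uint16_t)new_min;   /* A: lock, store, unlock   */
    if (!b) d->sniff_max = (uint16_t)new_max;   /* B: lock, store, unlock   */
    return d->sniff_min <= d->sniff_max;
}

/* Hardened shape: check and store form one critical section, so the second
 * writer always validates against the first writer's stored value. */
int min_set_locked(struct dev_model *d, uint64_t v)
{
    int rc = min_check(d, v);                   /* lock held from here ... */
    if (!rc) d->sniff_min = (uint16_t)v;
    return rc;                                  /* ... until here */
}

int max_set_locked(struct dev_model *d, uint64_t v)
{
    int rc = max_check(d, v);                   /* same critical section */
    if (!rc) d->sniff_max = (uint16_t)v;
    return rc;
}

int main(void)
{
    struct dev_model racy = {80, 800}, fixed = {80, 800}; /* constructed values */
    int ok = racy_interleaving(&racy, 600, 400);
    int rc_min = min_set_locked(&fixed, 600);
    int rc_max = max_set_locked(&fixed, 400);
    printf("racy: invariant=%d; locked: rc_min=%d rc_max=%d\n", ok, rc_min, rc_max);
    return 0;
}
```

The interleaving is replayed in a single thread so the outcome is deterministic; the lock itself is only marked in comments.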