fkie_cve-2024-41062
Vulnerability from fkie_nvd
Published
2024-07-29 15:15
Modified
2024-11-21 09:32
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: bluetooth/l2cap: sync sock recv cb and release The problem occurs between the system call to close the sock and hci_rx_work, where the former releases the sock and the latter accesses it without lock protection. CPU0 CPU1 ---- ---- sock_close hci_rx_work l2cap_sock_release hci_acldata_packet l2cap_sock_kill l2cap_recv_frame sk_free l2cap_conless_channel l2cap_sock_recv_cb If hci_rx_work processes the data that needs to be received before the sock is closed, then everything is normal; Otherwise, the work thread may access the released sock when receiving data. Add a chan mutex in the rx callback of the sock to achieve synchronization between the sock release and recv cb. Sock is dead, so set chan data to NULL, avoid others use invalid sock pointer.
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/3b732449b78183d17178db40be3a4401cf3cd629
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/605572e64cd9cebb05ed609d96cff05b50d18cdf
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/89e856e124f9ae548572c56b1b70c2255705f8fe
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/b803f30ea23e0968b6c8285c42adf0d862ab2bf6
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/3b732449b78183d17178db40be3a4401cf3cd629
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/605572e64cd9cebb05ed609d96cff05b50d18cdf
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/89e856e124f9ae548572c56b1b70c2255705f8fe
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/b803f30ea23e0968b6c8285c42adf0d862ab2bf6
Impacted products
Vendor Product Version


To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbluetooth/l2cap: sync sock recv cb and release\n\nThe problem occurs between the system call to close the sock and hci_rx_work,\nwhere the former releases the sock and the latter accesses it without lock protection.\n\n           CPU0                       CPU1\n           ----                       ----\n           sock_close                 hci_rx_work\n\t   l2cap_sock_release         hci_acldata_packet\n\t   l2cap_sock_kill            l2cap_recv_frame\n\t   sk_free                    l2cap_conless_channel\n\t                              l2cap_sock_recv_cb\n\nIf hci_rx_work processes the data that needs to be received before the sock is\nclosed, then everything is normal; Otherwise, the work thread may access the\nreleased sock when receiving data.\n\nAdd a chan mutex in the rx callback of the sock to achieve synchronization between\nthe sock release and recv cb.\n\nSock is dead, so set chan data to NULL, avoid others use invalid sock pointer."
    },
    {
      "lang": "es",
      "value": "En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: bluetooth/l2cap: sync sock recv cb and release El problema ocurre entre la llamada al sistema para cerrar el calcet\u00edn y hci_rx_work, donde el primero libera el calcet\u00edn y el segundo accede a \u00e9l sin protecci\u00f3n de bloqueo. . CPU0 CPU1 ---- ---- sock_close hci_rx_work l2cap_sock_release hci_acldata_packet l2cap_sock_kill l2cap_recv_frame sk_free l2cap_conless_channel l2cap_sock_recv_cb Si hci_rx_work procesa los datos que deben recibirse antes de cerrar el sock, entonces todo es normal; De lo contrario, el hilo de trabajo puede acceder al sock liberado al recibir datos. Agregue un mutex chan en la devoluci\u00f3n de llamada rx del sock para lograr la sincronizaci\u00f3n entre la liberaci\u00f3n del sock y recv cb. Sock est\u00e1 muerto, as\u00ed que configure los datos de chan en NULL, evite que otros usen un puntero de sock no v\u00e1lido."
    }
  ],
  "id": "CVE-2024-41062",
  "lastModified": "2024-11-21T09:32:10.077",
  "metrics": {},
  "published": "2024-07-29T15:15:14.173",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/3b732449b78183d17178db40be3a4401cf3cd629"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/605572e64cd9cebb05ed609d96cff05b50d18cdf"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/89e856e124f9ae548572c56b1b70c2255705f8fe"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/b803f30ea23e0968b6c8285c42adf0d862ab2bf6"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://git.kernel.org/stable/c/3b732449b78183d17178db40be3a4401cf3cd629"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://git.kernel.org/stable/c/605572e64cd9cebb05ed609d96cff05b50d18cdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://git.kernel.org/stable/c/89e856e124f9ae548572c56b1b70c2255705f8fe"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://git.kernel.org/stable/c/b803f30ea23e0968b6c8285c42adf0d862ab2bf6"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Awaiting Analysis"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.