Bug 2261903 (CVE-2024-21803) - CVE-2024-21803 kernel: bluetooth: use-after-free vulnerability in af_bluetooth.c
Summary: CVE-2024-21803 kernel: bluetooth: use-after-free vulnerability in af_bluetooth.c
Status: CLOSED DUPLICATE of bug 2256822
Alias: CVE-2024-21803
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Product Security
QA Contact:
Depends On: 2261906
Blocks: 2261908
TreeView+ depends on / blocked
Reported: 2024-01-30 09:56 UTC by Mauro Matteo Cascella
Modified: 2024-04-25 16:21 UTC (History)
50 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
NVD describes an after-free vulnerability found in the Linux kernel in the Linux x86 ARM Bluetooth module that allows local code execution. This vulnerability is associated with the program file, https://gitee.Com/anolis/cloud-kernel/blob/devel-5.10/net/bluetooth/af_bluetooth.C. This issue affects the Linux kernel in versions v6.8-rc1 through v2.6.12-rc2.
Clone Of:
Last Closed: 2024-04-25 16:21:37 UTC

Attachments (Terms of Use)

Description Mauro Matteo Cascella 2024-01-30 09:56:18 UTC
NVD description:
Use After Free vulnerability in Linux kernel on Linux, x86, ARM (bluetooth modules) allows Local Execution of Code. This vulnerability is associated with program files https://gitee.Com/anolis/cloud-kernel/blob/devel-5.10/net/bluetooth/af_bluetooth.C.

This issue affects Linux kernel: from v2.6.12-rc2 before v6.8-rc1.


Comment 1 Mauro Matteo Cascella 2024-01-30 10:05:38 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 2261906]

Comment 5 Alex 2024-03-19 15:39:13 UTC
Assuming that fixed by the https://github.com/torvalds/linux/commit/2e07e8348ea454615e268222ae3fc240421be768
(based on cmt from the RHEL-23289 ).

Maybe can close as duplicate of the CVE-2023-51779 (not sure yet, so not closing now).

Comment 7 Alex 2024-04-25 16:21:37 UTC

*** This bug has been marked as a duplicate of bug 2256822 ***

Note You need to log in before you can comment on or make changes to this bug.