CVE-2024-21803 — Use After Free in Kernel

CWE-416 — Use After Free6 documents6 sources

Severity

7.8HIGHNVD

EPSS

0.0%

top 90.69%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Kernel Debian Linux Msrc Azl3 Kernel 6.6.35.1-4 ON Azure Linux 3.0 +3 more

Timeline

PublishedJan 30

Description

Use After Free vulnerability in Linux Linux kernel kernel on Linux, x86, ARM (bluetooth modules) allows Local Execution of Code. This vulnerability is associated with program files https://gitee.Com/anolis/cloud-kernel/blob/devel-5.10/net/bluetooth/af_bluetooth.C. This issue affects Linux kernel: from v2.6.12-rc2 before v6.8-rc1.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages7 packages

▶CVEListV5linux/linux_kernelv2.6.12-rc2 — v6.8-rc1

▶NVDlinux/linux_kernel2.6.12.1 — 6.6.8+2

▶msrcmsrc/azl3_kernel_6.6.35.1-4_on_azure_linux_3.0

▶msrcmsrc/azl3_kernel_6.6.92.2-1_on_azure_linux_3.0

▶debiandebian/linux

🔴Vulnerability Details

OSV

CVE-2024-21803: Use After Free vulnerability in Linux Linux kernel kernel on Linux, x86, ARM (bluetooth modules) allows Local Execution of Code↗2024-01-30

▶

GHSA

GHSA-c5mq-q8c8-ppcw: Use After Free vulnerability in Linux Linux kernel kernel on Linux, x86, ARM (bluetooth modules) allows Local Execution of Code↗2024-01-30

▶

📋Vendor Advisories

Red Hat

kernel: bluetooth: use-after-free vulnerability in af_bluetooth.c↗2024-01-30

▶

Microsoft

Possible UAF in bt_accept_poll in Linux kernel↗2024-01-09

▶

Debian

CVE-2024-21803: linux - Use After Free vulnerability in Linux Linux kernel kernel on Linux, x86, ARM (bl...↗2024

▶