CVE-2024-56653 — Use After Free in Linux

CWE-416 — Use After Free32 documents7 sources

Severity

7.8HIGHNVD

EPSS

0.0%

top 93.42%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Debian Linux +2 more

Timeline

PublishedDec 27

Latest updateMay 29

Description

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btmtk: avoid UAF in btmtk_process_coredump hci_devcd_append may lead to the release of the skb, so it cannot be accessed once it is called. BUG: KASAN: slab-use-after-free in btmtk_process_coredump+0x2a7/0x2d0 [btmtk] Read of size 4 at addr ffff888033cfabb0 by task kworker/0:3/82 CPU: 0 PID: 82 Comm: kworker/0:3 Tainted: G U 6.6.40-lockdep-03464-g1d8b4eb3060e #1 b0b3c1cc0c842735643fb411799d97921d1f688c Hardware na…

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages7 packages

▶NVDlinux/linux_kernel6.6 — 6.6.67+2

▶Debianlinux/linux_kernel< 6.12.6-1+1

▶Ubuntulinux/linux_kernel< 6.8.0-59.61+5

▶msrcmsrc/azl3_kernel_6.6.64.2-9_on_azure_linux_3.0

▶msrcmsrc/azl3_kernel_6.6.76.1-1_on_azure_linux_3.0

Patches

Patch: git.kernel.org ↗Patch: git.kernel.org ↗Patch: git.kernel.org ↗

🔴Vulnerability Details

OSV

Kernel Live Patch Security Notice↗2025-05-29

▶

OSV

linux-raspi vulnerabilities↗2025-05-26

▶

OSV

linux-azure-nvidia vulnerabilities↗2025-05-20

▶

OSV

linux-raspi-realtime vulnerabilities↗2025-05-20

▶

OSV

linux-azure-6.8 vulnerabilities↗2025-05-07

▶

📋Vendor Advisories

Ubuntu

Kernel Live Patch Security Notice↗2025-05-29

▶

Ubuntu

Linux kernel (Raspberry Pi) vulnerabilities↗2025-05-26

▶

Ubuntu

Linux kernel (Azure, N-Series) vulnerabilities↗2025-05-20

▶

Ubuntu

Linux kernel (Raspberry Pi Real-time) vulnerabilities↗2025-05-20

▶

Ubuntu

Linux kernel (Azure) vulnerabilities↗2025-05-07

▶