Showing 1 - 2 of 2

CVE-2024-26801

Status Candidate

Overview

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Avoid potential use-after-free in hci_error_reset While handling the HCI_EV_HARDWARE_ERROR event, if the underlying BT controller is not responding, the GPIO reset mechanism would free the hci_dev and lead to a use-after-free in hci_error_reset. Here's the call trace observed on a ChromeOS device with Intel AX201: queue_work_on+0x3e/0x6c __hci_cmd_sync_sk+0x2ee/0x4c0 [bluetooth <HASH:3b4a6>] ? init_wait_entry+0x31/0x31 __hci_cmd_sync+0x16/0x20 [bluetooth <HASH:3b4a 6>] hci_error_reset+0x4f/0xa4 [bluetooth <HASH:3b4a 6>] process_one_work+0x1d8/0x33f worker_thread+0x21b/0x373 kthread+0x13a/0x152 ? pr_cont_work+0x54/0x54 ? kthread_blkcg+0x31/0x31 ret_from_fork+0x1f/0x30 This patch holds the reference count on the hci_dev while processing a HCI_EV_HARDWARE_ERROR event to avoid potential crash.

Related Files

Ubuntu Security Notice USN-6778-1: Posted May 17, 2024; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 6778-1 - Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux kernel contained a race condition during device removal, leading to a use- after-free vulnerability. A physically proximate attacker could possibly use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.; tags | advisory, denial of service, kernel; systems | linux, ubuntu; advisories | CVE-2021-46939, CVE-2023-47233, CVE-2023-52524, CVE-2023-52566, CVE-2023-52602, CVE-2024-26614, CVE-2024-26801; SHA-256 | 5a2b8f3e7c01bf9c18ee07e2832ea0ee3f8ecf967fad1e117b272bd91c9ddf00; Download | Favorite | View

Ubuntu Security Notice USN-6774-1: Posted May 17, 2024; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 6774-1 - Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux kernel contained a race condition during device removal, leading to a use- after-free vulnerability. A physically proximate attacker could possibly use this to cause a denial of service. Sander Wiebing, Alvise de Faveri Tron, Herbert Bos, and Cristiano Giuffrida discovered that the Linux kernel mitigations for the initial Branch History Injection vulnerability were insufficient for Intel processors. A local attacker could potentially use this to expose sensitive information.; tags | advisory, denial of service, kernel, local; systems | linux, ubuntu; advisories | CVE-2022-0001, CVE-2023-47233, CVE-2023-52601, CVE-2023-52602, CVE-2023-52615, CVE-2024-2201, CVE-2024-26614, CVE-2024-26635, CVE-2024-26801; SHA-256 | 879e950c4cc102e3739561be7468b79c78e99aa24cc7b8cac33139378491991e; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 294 files
Ubuntu 80 files
Debian 19 files
Ahmet Umit Bayram 8 files
Amit Roy 4 files
Jann Horn 4 files
Google Security Research 4 files
tmrswrr 4 files
Furkan Eren Tetik 4 files
h00die 3 files

File Archives

Systems

AIX (429)
Apple (2,089)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,061)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,500)
HPUX (880)
iOS (375)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,018)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (16,064)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,580)
UNIX (9,417)
UnixWare (187)
Windows (6,662)
Other

CVE-2024-26801

Overview

Related Files

File Archive:

June 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems