Vulnerabilities > CVE-2024-42132 - Release of Invalid Pointer or Reference vulnerability in Linux Kernel
Attack vector
LOCAL Attack complexity
LOW Privileges required
LOW Confidentiality impact
NONE Integrity impact
HIGH Availability impact
HIGH Summary
In the Linux kernel, the following vulnerability has been resolved: bluetooth/hci: disallow setting handle bigger than HCI_CONN_HANDLE_MAX Syzbot hit warning in hci_conn_del() caused by freeing handle that was not allocated using ida allocator. This is caused by handle bigger than HCI_CONN_HANDLE_MAX passed by hci_le_big_sync_established_evt(), which makes code think it's unset connection. Add same check for handle upper bound as in hci_conn_set_handle() to prevent warning.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
References
- https://git.kernel.org/stable/c/1cc18c2ab2e8c54c355ea7c0423a636e415a0c23
- https://git.kernel.org/stable/c/1cc18c2ab2e8c54c355ea7c0423a636e415a0c23
- https://git.kernel.org/stable/c/4970e48f83dbd21d2a6a7cdaaafc2a71f7f45dc4
- https://git.kernel.org/stable/c/4970e48f83dbd21d2a6a7cdaaafc2a71f7f45dc4
- https://git.kernel.org/stable/c/d311036696fed778301d08a71a4bef737b86d8c5
- https://git.kernel.org/stable/c/d311036696fed778301d08a71a4bef737b86d8c5