Vulnerabilities > CVE-2024-49951 - Unspecified vulnerability in Linux Kernel
Attack vector
LOCAL Attack complexity
LOW Privileges required
LOW Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix possible crash on mgmt_index_removed If mgmt_index_removed is called while there are commands queued on cmd_sync it could lead to crashes like the bellow trace: 0x0000053D: __list_del_entry_valid_or_report+0x98/0xdc 0x0000053D: mgmt_pending_remove+0x18/0x58 [bluetooth] 0x0000053E: mgmt_remove_adv_monitor_complete+0x80/0x108 [bluetooth] 0x0000053E: hci_cmd_sync_work+0xbc/0x164 [bluetooth] So while handling mgmt_index_removed this attempts to dequeue commands passed as user_data to cmd_sync.
Vulnerable Configurations
References
- https://git.kernel.org/stable/c/0cc47233af35fb5f10b5e6a027cb4ccd480caf9a
- https://git.kernel.org/stable/c/19b40ca62607cef78369549d1af091f2fd558931
- https://git.kernel.org/stable/c/4883296505aa7e4863c6869b689afb6005633b23
- https://git.kernel.org/stable/c/8c3f7943a29145d8a2d8e24893762f7673323eae
- https://git.kernel.org/stable/c/f53e1c9c726d83092167f2226f32bd3b73f26c21