Vulnerabilities > CVE-2024-56605 - Use After Free vulnerability in Linux Kernel
Attack vector
LOCAL Attack complexity
LOW Privileges required
LOW Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create() bt_sock_alloc() allocates the sk object and attaches it to the provided sock object. On error l2cap_sock_alloc() frees the sk object, but the dangling pointer is still attached to the sock object, which may create use-after-free in other code.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
References
- https://git.kernel.org/stable/c/61686abc2f3c2c67822aa23ce6f160467ec83d35
- https://git.kernel.org/stable/c/7c4f78cdb8e7501e9f92d291a7d956591bf73be9
- https://git.kernel.org/stable/c/8ad09ddc63ace3950ac43db6fbfe25b40f589dd6
- https://git.kernel.org/stable/c/a8677028dd5123e5e525b8195483994d87123de4
- https://git.kernel.org/stable/c/bb2f2342a6ddf7c04f9aefbbfe86104cd138e629
- https://git.kernel.org/stable/c/daa13175a6dea312a76099066cb4cbd4fc959a84
- https://git.kernel.org/stable/c/f6ad641646b67f29c7578dcd6c25813c7dcbf51e