Description

An issue was discovered in l2cap_sock_release in net/bluetooth/l2cap_sock.c in the Linux kernel before 6.4.10. There is a use-after-free because the children of an sk are mishandled.

Related CPE's

o

linux

linux_kernel

Vulnerable

o

debian

debian_linux

3

o

canonical

ubuntu_linux

5

References

http://packetstormsecurity.com/files/175072/Kernel-Live-Patch-Security-Notice-LSN-0098-1.html

Third Party AdvisoryVDB Entry

http://packetstormsecurity.com/files/175963/Kernel-Live-Patch-Security-Notice-LSN-0099-1.html

https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.4.10

Release Notes

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1728137b33c00d5a2b5110ed7aafb42e7c32e4a1

Patch

https://github.com/torvalds/linux/commit/1728137b33c00d5a2b5110ed7aafb42e7c32e4a1

Patch

https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html

Mailing ListThird Party Advisory

https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html

https://security.netapp.com/advisory/ntap-20231020-0007/

Third Party Advisory

https://www.debian.org/security/2023/dsa-5480

Third Party Advisory

https://www.debian.org/security/2023/dsa-5492

Third Party Advisory

Weaknesses

[email protected]

Primary
CWE-416

CVSS impact metrics

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.8 · High

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2023-08-14T03:15:09.257

11 months ago

Last modified

2024-01-11T19:15:10.930

6 months ago