SB2024061313 - Division by zero in Linux kernel net bluetooth
Published: June 13, 2024
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Division by zero (CVE-ID: CVE-2024-36968)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the sco_sock_clear_timer() and sco_conn_add() functions in net/bluetooth/sco.c, within the l2cap_finish_move(), l2cap_rx_state_wait_f() and l2cap_conn_add() functions in net/bluetooth/l2cap_core.c, within the iso_sock_sendmsg() function in net/bluetooth/iso.c, within the hci_cc_read_buffer_size(), hci_cc_le_read_buffer_size(), hci_cs_create_conn(), hci_conn_complete_evt(), hci_conn_request_evt(), hci_cc_le_read_buffer_size_v2(), le_conn_complete_evt(), hci_le_cis_req_evt(), hci_le_big_sync_established_evt() and hci_le_big_info_adv_report_evt() functions in net/bluetooth/hci_event.c, within the hci_conn_add(), hci_conn_add_unset(), hci_connect_le(), hci_add_bis(), hci_connect_le_scan(), hci_connect_acl(), hci_connect_sco(), hci_bind_cis() and hci_iso_qos_setup() functions in net/bluetooth/hci_conn.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/ad3f7986c5a0f82b8b66a0afe1cc1f5421e1d674
- https://git.kernel.org/stable/c/dfece2b4e3759759b2bdfac2cd6d0ee9fbf055f3
- https://git.kernel.org/stable/c/d2b2f7d3936dc5990549bc36ab7ac7ac37f22c30
- https://git.kernel.org/stable/c/a5b862c6a221459d54e494e88965b48dcfa6cc44
- https://git.kernel.org/stable/c/4d3dbaa252257d20611c3647290e6171f1bbd6c8