SB2024123093 - Use-after-free in Linux kernel bluetooth
Published: December 30, 2024 Updated: May 12, 2025
Security Bulletin ID
SB2024123093
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Use-after-free (CVE-ID: CVE-2024-53237)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the __match_tty() and hci_conn_del_sysfs() functions in net/bluetooth/hci_sysfs.c. A local user can escalate privileges on the system.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/0f67ca2a80acf8b207240405b7f72d660665d3df
- https://git.kernel.org/stable/c/27aabf27fd014ae037cc179c61b0bee7cff55b3d
- https://git.kernel.org/stable/c/7b277bd569bb6a2777f0014f84b4344f444fd49d
- https://git.kernel.org/stable/c/91e2a2e4d1336333804cd31162984f01ad8cc70f
- https://git.kernel.org/stable/c/a9584c897d1cba6265c78010bbb45ca5722c88bc
- https://git.kernel.org/stable/c/de5a44f351ca7efd9add9851b218f5353e2224b7
- https://git.kernel.org/stable/c/fb91ce37dc9a37ea23cf32b6d7b667004e93d4c5
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.231