CVE-2024-35966
Published: May 20, 2024
Modified: May 12, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: RFCOMM: Fix not validating setsockopt user input syzbot reported rfcomm_sock_setsockopt_old() is copying data without checking user input length. BUG: KASAN: slab-out-of-bounds in copy_from_sockptr_offset include/linux/sockptr.h:49 [inline] BUG: KASAN: slab-out-of-bounds in copy_from_sockptr include/linux/sockptr.h:55 [inline] BUG: KASAN: slab-out-of-bounds in rfcomm_sock_setsockopt_old net/bluetooth/rfcomm/sock.c:632 [inline] BUG: KASAN: slab-out-of-bounds in rfcomm_sock_setsockopt+0x893/0xa70 net/bluetooth/rfcomm/sock.c:673 Read of size 4 at addr ffff8880209a8bc3 by task syz-executor632/5064
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected bb23c0ab824653be4aa7dfca15b07b3059717004 - < d072ea24748189cd8f4a9c3f585ca9af073a0838affected bb23c0ab824653be4aa7dfca15b07b3059717004 - < 00767fbd67af70d7a550caa5b12d9515fa978babaffected bb23c0ab824653be4aa7dfca15b07b3059717004 - < eea40d33bf936a5c7fb03c190e61e0cfee00e872affected bb23c0ab824653be4aa7dfca15b07b3059717004 - < 4ea65e2095e9bd151d0469328dd7fc2858feb546affected bb23c0ab824653be4aa7dfca15b07b3059717004 - < c3f787a3eafe519c93df9abbb0ca5145861c8d0f+1 more versions |
Linux | Linux | affected 2.6.30unaffected 0 - < 2.6.30unaffected 5.10.234 - <= 5.10.*unaffected 5.15.178 - <= 5.15.*unaffected 6.1.107 - <= 6.1.*+3 more versions |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now