CVE-2024-42132

Published: Jul 30, 2024

Modified: May 23, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: bluetooth/hci: disallow setting handle bigger than HCI_CONN_HANDLE_MAX Syzbot hit warning in hci_conn_del() caused by freeing handle that was not allocated using ida allocator. This is caused by handle bigger than HCI_CONN_HANDLE_MAX passed by hci_le_big_sync_established_evt(), which makes code think it's unset connection. Add same check for handle upper bound as in hci_conn_set_handle() to prevent warning.

Vendor	Product	Versions
Linux	Linux	affected `84cb0143fb8a03bf941c7aaedd56c938c99dafad - < 4970e48f83dbd21d2a6a7cdaaafc2a71f7f45dc4` affected `181a42edddf51d5d9697ecdf365d72ebeab5afb0 - < d311036696fed778301d08a71a4bef737b86d8c5` affected `181a42edddf51d5d9697ecdf365d72ebeab5afb0 - < 1cc18c2ab2e8c54c355ea7c0423a636e415a0c23` affected `e9f708beada55426c8d678e2f46af659eb5bf4f0` affected `6.6.2 - < 6.6.39` +1 more versions
Linux	Linux	affected `6.7` unaffected `0 - < 6.7` unaffected `6.6.39 - <= 6.6.` unaffected `6.9.9 - <= 6.9.` unaffected `6.10 - <= *`

References

https://git.kernel.org/stable/c/4970e48f83dbd21d2a6a7cdaaafc2a71f7f45dc4

https://git.kernel.org/stable/c/d311036696fed778301d08a71a4bef737b86d8c5

https://git.kernel.org/stable/c/1cc18c2ab2e8c54c355ea7c0423a636e415a0c23

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2024-42132

Description

Affected Products

References