CVE-2024-58009
Published: Feb 27, 2025
Modified: May 23, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: handle NULL sock pointer in l2cap_sock_alloc A NULL sock pointer is passed into l2cap_sock_alloc() when it is called from l2cap_sock_new_connection_cb() and the error handling paths should also be aware of it. Seemingly a more elegant solution would be to swap bt_sock_alloc() and l2cap_chan_create() calls since they are not interdependent to that moment but then l2cap_chan_create() adds the soon to be deallocated and still dummy-initialized channel to the global list accessible by many L2CAP paths. The channel would be removed from the list in short period of time but be a bit more straight-forward here and just check for NULL instead of changing the order of function calls. Found by Linux Verification Center (linuxtesting.org) with SVACE static analysis tool.
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected f6ad641646b67f29c7578dcd6c25813c7dcbf51e - < a9a7672fc1a0fe18502493936ccb06413ab89ea6affected daa13175a6dea312a76099066cb4cbd4fc959a84 - < 8e605f580a97530e5a3583beea458a3fa4cbefbdaffected a8677028dd5123e5e525b8195483994d87123de4 - < cf601a24120c674cd7c907ea695f92617af6abd0affected bb2f2342a6ddf7c04f9aefbbfe86104cd138e629 - < 297ce7f544aa675b0d136d788cad0710cdfb0785affected 8ad09ddc63ace3950ac43db6fbfe25b40f589dd6 - < 245d48c1ba3e7a1779c2f4cbc6f581ddc8a78e22+9 more versions |
Linux | Linux | affected 6.13unaffected 0 - < 6.13unaffected 5.4.291 - <= 5.4.*unaffected 5.10.235 - <= 5.10.*unaffected 5.15.179 - <= 5.15.*+5 more versions |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now