CVE-2024-50125
CVSS 3.1 Score 7.8 of 10 (high)
Details
Published Nov 5, 2024
Updated: Nov 8, 2024
CWE ID 416
Summary
CVE-2024-50125 is a vulnerability affecting the Linux kernel's Bluetooth Subsystem. The issue involves a Use-After-Free (UAF) condition in the handling of Synchronous Connection-Oriented (SCO) data. Specifically, the 'sco_sock_timeout' function may attempt to access a socket (conn->sk) that has been unlinked or freed while waiting for the sco_conn_lock. To mitigate this issue, the Linux kernel now checks if the socket is still valid by ensuring it remains part of the 'sco_sk_list'.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share