CVE-2024-50255

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Nov 9, 2024
Updated: Nov 14, 2024
CWE ID 476

Summary

CVE-2024-50255: A null-pointer dereference vulnerability has been identified and resolved in the Linux kernel's Bluetooth subsystem. The issue occurs in the function __hci_cmd_sync_sk() when processing HCI_OP_READ_LOCAL_CODECS: the code assumes a valid status byte even when the opcode doesn't exist in the hci_cc table. This results in a null-pointer dereference, potentially leading to a kernel panic or other security implications. The vulnerability was discovered by the Kernel Address Sanitizer (KASAN) in a QEMU environment. Kernel versions prior to the patch release are susceptible.
