CVE-2024-50255
CVSS 3.1 Score 5.5 of 10 (medium)
Details
Summary
CVE-2024-50255: A null-pointer dereference vulnerability has been identified and resolved in the Linux kernel's Bluetooth subsystem. The issue occurs in the function __hci_cmd_sync_sk() when processing HCI_OP_READ_LOCAL_CODECS: the code assumes a valid status byte is present even when the opcode doesn't exist in the hci_cc table. This results in a null-pointer dereference, potentially leading to a kernel panic or other security implications. The vulnerability was discovered by the Kernel Address Sanitizer (KASAN) in a QEMU environment. Kernel versions prior to the patch release are susceptible.
Affected Products
- Linux Kernel
Affected Vendors
- LINUX