CVE-2024-56654

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Dec 27, 2024
Updated: Jan 6, 2025

Summary

CVE-2024-56654: A vulnerability in the Linux kernel's Bluetooth subsystem has been addressed. The issue arises from calling rcu_read_lock()/rcu_read_unlock() inside a list_for_each_entry_rcu loop, which is not safe because entries fetched this way are to be treated as rcu_dereference() results. Using such a pointer outside of the enclosing RCU read-side critical section can lead to bugs and potential security vulnerabilities. For instance, accessing p->address or p->data right after rcu_read_unlock() would be incorrect.
