CVE-2024-58013
CVSS 3.1 Score 7.8 of 10 (high)
Details
Summary
CVE-2024-58013 is a use-after-free in the Linux kernel's Bluetooth management (MGMT) interface, in mgmt_remove_adv_monitor_sync() in net/bluetooth/mgmt.c. The bug surfaced as a KASAN slab-use-after-free crash: the hci_cmd_sync worker (task kworker/u9:4, PID 5961) read a struct mgmt_pending_cmd that another task (PID 16022 in the report) had already freed. The object was allocated by mgmt_pending_add() when the remove-advertising-monitor command was queued, and freed by hci_dev_close_sync() when the adapter was closed, but the queued work item still held a raw pointer to it and dereferenced that pointer when it eventually ran. The root cause is a lifetime mismatch: the close path can complete and free the pending command before, or while, the deferred work that references it executes. The demonstrated impact is a kernel crash (denial of service); as with other kernel use-after-free bugs, the resulting memory corruption could in principle be leveraged for privilege escalation or code execution, although no such exploit is described here. Triggering the bug requires issuing Bluetooth management commands and closing the adapter, so it is a local issue. Users should update to a kernel release that carries the fix.
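The following user-space C program is an added illustration of the sequence the crash report describes; it is not from this page and not the kernel's code. It models a pending-command pool, a "close" path that frees every pending command, and a deferred work item that kept a raw pointer to one of them. The vulnerable worker dereferences that pointer unconditionally (the read that KASAN flagged); the hardened worker first checks that the command is still on the pending list. The struct and function names, the placeholder opcode and the poison value are assumptions chosen for the model, and the revalidation shown is one general mitigation for this pattern, not a claim about how the upstream fix was written.

```c
/*
 * Illustrative user-space model of a pending command freed by the close
 * path while queued work still points at it. Not kernel code; names are
 * loosely modelled on net/bluetooth/mgmt.c and hci_sync.c.
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define POOL_SIZE 4
#define POISON_HANDLE 0xDEADu          /* written into freed slots, like slab poisoning */
#define OP_REMOVE_ADV_MONITOR 0x53u    /* placeholder opcode, not the real MGMT value */

/* Stand-in for struct mgmt_pending_cmd. */
struct pending_cmd {
    uint16_t opcode;
    uint16_t handle;   /* advertising-monitor handle the command targets */
    int in_use;        /* pool bookkeeping (the model's substitute for the slab) */
};

static struct pending_cmd pool[POOL_SIZE];

/* Stand-in for hdev->mgmt_pending: the list of live commands. */
static struct pending_cmd *pending[POOL_SIZE];
static size_t npending;

/* Stand-in for an hci_cmd_sync work item: it holds a raw data pointer. */
struct sync_work {
    int (*func)(struct pending_cmd *cmd);
    struct pending_cmd *data;
};

/* mgmt_pending_add() model: allocate a command and link it into the list. */
static struct pending_cmd *pending_add(uint16_t opcode, uint16_t handle)
{
    for (size_t i = 0; i < POOL_SIZE; i++) {
        if (!pool[i].in_use) {
            pool[i].opcode = opcode;
            pool[i].handle = handle;
            pool[i].in_use = 1;
            pending[npending++] = &pool[i];
            return &pool[i];
        }
    }
    return NULL;
}

/* Unlink and free one command; the slot is poisoned so stale reads are visible. */
static void pending_free(struct pending_cmd *cmd)
{
    for (size_t i = 0; i < npending; i++) {
        if (pending[i] == cmd) {
            pending[i] = pending[--npending];
            break;
        }
    }
    cmd->in_use = 0;
    cmd->handle = POISON_HANDLE;
}

/* hci_dev_close_sync() model: closing the adapter drops every pending command. */
static void dev_close(void)
{
    while (npending)
        pending_free(pending[npending - 1]);
}

/* Vulnerable worker: trusts the pointer captured when the work was queued. */
static int remove_adv_monitor_sync_unsafe(struct pending_cmd *cmd)
{
    /* If dev_close() ran first, this is the use-after-free read. */
    return cmd->handle;
}

/* Hardened worker: only touch cmd if it is still on the pending list. */
static int remove_adv_monitor_sync_safe(struct pending_cmd *cmd)
{
    for (size_t i = 0; i < npending; i++)
        if (pending[i] == cmd)
            return cmd->handle;
    return -2; /* -ENOENT: the close path already completed and freed it */
}

/* Queue the work, optionally close the adapter first, then run the worker. */
static int run_scenario(int close_first, int (*func)(struct pending_cmd *))
{
    npending = 0;
    for (size_t i = 0; i < POOL_SIZE; i++)
        pool[i].in_use = 0;

    struct pending_cmd *cmd = pending_add(OP_REMOVE_ADV_MONITOR, 0x0001);
    struct sync_work work = { func, cmd };   /* hci_cmd_sync_queue() */

    if (close_first)
        dev_close();                          /* hci_dev_close_sync() */

    return work.func(work.data);              /* hci_cmd_sync_work() */
}

int main(void)
{
    printf("no close, unsafe worker:    handle=%d\n", run_scenario(0, remove_adv_monitor_sync_unsafe));
    printf("close first, unsafe worker: handle=%d (poison: freed memory was read)\n",
           run_scenario(1, remove_adv_monitor_sync_unsafe));
    printf("close first, safe worker:   %d (-2 = command no longer pending)\n",
           run_scenario(1, remove_adv_monitor_sync_safe));
    return 0;
}
```

In the real kernel the stale read is not a poison value but a KASAN report, or silent corruption without KASAN. Revalidating against the pending list closes the window only if the list is checked under the same lock that the close path takes; the alternative is for the close path to cancel or wait for the queued work before freeing, so that no work item can hold a dangling pointer at all.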
Affected Products
- Linux Kernel
Affected Vendors
- LINUX