Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

CVE-2024-50077

Disclosure Date: October 29, 2024 •

CVE-2024-50077 CVSS v3 Base Score: 5.5

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: ISO: Fix multiple init when debugfs is disabled

If bt_debugfs is not created successfully, which happens if either
CONFIG_DEBUG_FS or CONFIG_DEBUG_FS_ALLOW_ALL is unset, then iso_init()
returns early and does not set iso_inited to true. This means that a
subsequent call to iso_init() will result in duplicate calls to
proto_register(), bt_sock_register(), etc.

With CONFIG_LIST_HARDENED and CONFIG_BUG_ON_DATA_CORRUPTION enabled, the
duplicate call to proto_register() triggers this BUG():

list_add double add: new=ffffffffc0b280d0, prev=ffffffffbab56250,

next=ffffffffc0b280d0.

——————[ cut here ]——————
kernel BUG at lib/list_debug.c:35!
Oops: invalid opcode: 0000 [#1] PREEMPT SMP PTI
CPU: 2 PID: 887 Comm: bluetoothd Not tainted 6.10.11-1-ao-desktop #1
RIP: 0010:__list_add_valid_or_report+0x9a/0xa0
…

__list_add_valid_or_report+0x9a/0xa0
proto_register+0x2b5/0x340
iso_init+0x23/0x150 [bluetooth]
set_iso_socket_func+0x68/0x1b0 [bluetooth]
kmem_cache_free+0x308/0x330
hci_sock_sendmsg+0x990/0x9e0 [bluetooth]
__sock_sendmsg+0x7b/0x80
sock_write_iter+0x9a/0x110
do_iter_readv_writev+0x11d/0x220
vfs_writev+0x180/0x3e0
do_writev+0xca/0x100

…

This change removes the early return. The check for iso_debugfs being
NULL was unnecessary, it is always NULL when iso_inited is false.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

5.5 Medium

Impact Score:

3.6

Exploitability Score:

1.8

Vector:

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector (AV):

Local

Attack Complexity (AC):

Low

Privileges Required (PR):

Low

User Interaction (UI):

None

Scope (S):

Unchanged

Confidentiality (C):

None

Integrity (I):

None

Availability (A):

High

Vendors

linux

Products

linux kernel,
linux kernel 6.12

References

Canonical

CVE-2024-50077 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50077)

Miscellaneous

https://git.kernel.org/stable/c/fa4b832c5a6ec35023a1b997cf658c436619c752

https://git.kernel.org/stable/c/8fb8e912afb4c47dec12ea9a5853e7a8db95816f

https://git.kernel.org/stable/c/adf1b179c2ff8073c24bf87e5a605fcc5a09798b

https://git.kernel.org/stable/c/a9b7b535ba192c6b77e6c15a4c82d853163eab8c

Rapid7

Unknown

CVE-2024-50077

Unknown

Unknown

None

Low

Local

CVE-2024-50077

Description

Add Assessment

CVSS V3 Severity and Metrics

General Information

Vendors

Products

References

Canonical

Miscellaneous

Additional Info

Technical Analysis

Unknown

CVE-2024-50077

Unknown

Unknown

None

Low

Local

CVE-2024-50077

Description

Add Assessment

CVSS V3 Severity and Metrics

General Information

Vendors

Products

References

Canonical

Miscellaneous

Additional Info

Technical Analysis

Quick Cookie Notification