跳转到帖子

Ubuntu: (Multiple Advisories) (CVE-2024-36013): Linux kernel vulnerabilities

recommended_posts

发布于
  • Members

Ubuntu: (Multiple Advisories) (CVE-2024-36013): Linux kernel vulnerabilities

Severity
4
CVSS
(AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published
05/23/2024
Created
08/10/2024
Added
08/09/2024
Modified
01/23/2025

Description

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix slab-use-after-free in l2cap_connect() Extend a critical section to prevent chan from early freeing. Also make the l2cap_connect() return type void. Nothing is using the returned value but it is ugly to return a potentially freed pointer. Making it void will help with backports because earlier kernels did use the return value. Now the compile will break for kernels where this patch is not a complete fix. Call stack summary: [use] l2cap_bredr_sig_cmd l2cap_connect + mutex_lock(&conn->chan_lock); ¦ chan = pchan->ops->new_connection(pchan); <- alloc chan ¦ __l2cap_chan_add(conn, chan); ¦ l2cap_chan_hold(chan); ¦ list_add(&chan->list, &conn->chan_l); ... (1) + mutex_unlock(&conn->chan_lock); chan->conf_state... (4) <- use after free [free] l2cap_conn_del + mutex_lock(&conn->chan_lock); ¦ foreach chan in conn->chan_l:... (2) ¦ l2cap_chan_put(chan); ¦ l2cap_chan_destroy ¦ kfree(chan) ... (3) <- chan freed + mutex_unlock(&conn->chan_lock); ================================================================== BUG: KASAN: slab-use-after-free in instrument_atomic_read include/linux/instrumented.h:68 [inline] BUG: KASAN: slab-use-after-free in _test_bit include/asm-generic/bitops/instrumented-non-atomic.h:141 [inline] BUG: KASAN: slab-use-after-free in l2cap_connect+0xa67/0x11a0 net/bluetooth/l2cap_core.c:4260 Read of size 8 at addr ffff88810bf040a0 by task kworker/u3:1/311

Solution(s)

  • ubuntu-upgrade-linux-image-6-8-0-1008-gke
  • ubuntu-upgrade-linux-image-6-8-0-1009-raspi
  • ubuntu-upgrade-linux-image-6-8-0-1010-ibm
  • ubuntu-upgrade-linux-image-6-8-0-1010-oem
  • ubuntu-upgrade-linux-image-6-8-0-1010-oracle
  • ubuntu-upgrade-linux-image-6-8-0-1010-oracle-64k
  • ubuntu-upgrade-linux-image-6-8-0-1011-nvidia
  • ubuntu-upgrade-linux-image-6-8-0-1011-nvidia-64k
  • ubuntu-upgrade-linux-image-6-8-0-1011-nvidia-lowlatency
  • ubuntu-upgrade-linux-image-6-8-0-1011-nvidia-lowlatency-64k
  • ubuntu-upgrade-linux-image-6-8-0-1012-azure
  • ubuntu-upgrade-linux-image-6-8-0-1012-azure-fde
  • ubuntu-upgrade-linux-image-6-8-0-1012-gcp
  • ubuntu-upgrade-linux-image-6-8-0-1013-aws
  • ubuntu-upgrade-linux-image-6-8-0-40-generic
  • ubuntu-upgrade-linux-image-6-8-0-40-generic-64k
  • ubuntu-upgrade-linux-image-6-8-0-40-lowlatency
  • ubuntu-upgrade-linux-image-6-8-0-40-lowlatency-64k
  • ubuntu-upgrade-linux-image-aws
  • ubuntu-upgrade-linux-image-azure
  • ubuntu-upgrade-linux-image-azure-fde
  • ubuntu-upgrade-linux-image-gcp
  • ubuntu-upgrade-linux-image-generic
  • ubuntu-upgrade-linux-image-generic-64k
  • ubuntu-upgrade-linux-image-generic-64k-hwe-24-04
  • ubuntu-upgrade-linux-image-generic-hwe-24-04
  • ubuntu-upgrade-linux-image-generic-lpae
  • ubuntu-upgrade-linux-image-gke
  • ubuntu-upgrade-linux-image-ibm
  • ubuntu-upgrade-linux-image-ibm-classic
  • ubuntu-upgrade-linux-image-ibm-lts-24-04
  • ubuntu-upgrade-linux-image-kvm
  • ubuntu-upgrade-linux-image-lowlatency
  • ubuntu-upgrade-linux-image-lowlatency-64k
  • ubuntu-upgrade-linux-image-nvidia
  • ubuntu-upgrade-linux-image-nvidia-6-8
  • ubuntu-upgrade-linux-image-nvidia-64k
  • ubuntu-upgrade-linux-image-nvidia-64k-6-8
  • ubuntu-upgrade-linux-image-nvidia-lowlatency
  • ubuntu-upgrade-linux-image-nvidia-lowlatency-64k
  • ubuntu-upgrade-linux-image-oem-24-04
  • ubuntu-upgrade-linux-image-oem-24-04a
  • ubuntu-upgrade-linux-image-oracle
  • ubuntu-upgrade-linux-image-oracle-64k
  • ubuntu-upgrade-linux-image-raspi
  • ubuntu-upgrade-linux-image-virtual
  • ubuntu-upgrade-linux-image-virtual-hwe-24-04

References

  • https://attackerkb.com/topics/cve-2024-36013
  • CVE - 2024-36013
  • USN-6949-1
  • USN-6949-2
  • USN-6952-1
  • USN-6952-2
  • USN-6955-1
  • 查看数 697
  • 已创建
  • 最后回复

参与讨论

你可立刻发布并稍后注册。 如果你有帐户,立刻登录发布帖子。

游客
回帖…