CVE-2024-49951
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-49951
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-49951.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2024-49951
- Downstream
- Related
- Published
- 2024-10-21T18:02:07.055Z
- Modified
- 2025-11-16T06:06:07.403844Z
- Summary
- Bluetooth: MGMT: Fix possible crash on mgmt_index_removed
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: MGMT: Fix possible crash on mgmtindexremoved
If mgmtindexremoved is called while there are commands queued on cmd_sync it could lead to crashes like the bellow trace:
0x0000053D: _listdelentryvalidorreport+0x98/0xdc 0x0000053D: mgmtpendingremove+0x18/0x58 [bluetooth] 0x0000053E: mgmtremoveadvmonitorcomplete+0x80/0x108 [bluetooth] 0x0000053E: hcicmdsync_work+0xbc/0x164 [bluetooth]
So while handling mgmtindexremoved this attempts to dequeue commands passed as userdata to cmdsync.
- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/0cc47233af35fb5f10b5e6a027cb4ccd480caf9a
- https://git.kernel.org/stable/c/19b40ca62607cef78369549d1af091f2fd558931
- https://git.kernel.org/stable/c/4883296505aa7e4863c6869b689afb6005633b23
- https://git.kernel.org/stable/c/8c3f7943a29145d8a2d8e24893762f7673323eae
- https://git.kernel.org/stable/c/f53e1c9c726d83092167f2226f32bd3b73f26c21
- https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced7cf5c2978f23fdbb2dd7b4e8b07e362ae2d8211cFixed19b40ca62607cef78369549d1af091f2fd558931
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced7cf5c2978f23fdbb2dd7b4e8b07e362ae2d8211cFixed4883296505aa7e4863c6869b689afb6005633b23
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced7cf5c2978f23fdbb2dd7b4e8b07e362ae2d8211cFixed0cc47233af35fb5f10b5e6a027cb4ccd480caf9a
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced7cf5c2978f23fdbb2dd7b4e8b07e362ae2d8211cFixed8c3f7943a29145d8a2d8e24893762f7673323eae
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced7cf5c2978f23fdbb2dd7b4e8b07e362ae2d8211cFixedf53e1c9c726d83092167f2226f32bd3b73f26c21
Affected versions
v5.*
v5.19
v5.19-rc8
v6.*
v6.0
v6.0-rc1
v6.0-rc2
v6.0-rc3
v6.0-rc4
v6.0-rc5
v6.0-rc6
v6.0-rc7
v6.1
v6.1-rc1
v6.1-rc2
v6.1-rc3
v6.1-rc4
v6.1-rc5
v6.1-rc6
v6.1-rc7
v6.1-rc8
v6.1.1
v6.1.10
v6.1.100
v6.1.101
v6.1.102
v6.1.103
v6.1.104
v6.1.105
v6.1.106
v6.1.107
v6.1.108
v6.1.109
v6.1.11
v6.1.110
v6.1.111
v6.1.112
v6.1.113
v6.1.114
v6.1.115
v6.1.116
v6.1.117
v6.1.118
v6.1.119
v6.1.12
v6.1.13
v6.1.14
v6.1.15
v6.1.16
v6.1.17
v6.1.18
v6.1.19
v6.1.2
v6.1.20
v6.1.21
v6.1.22
v6.1.23
v6.1.24
v6.1.25
v6.1.26
v6.1.27
v6.1.28
v6.1.29
v6.1.3
v6.1.30
v6.1.31
v6.1.32
v6.1.33
v6.1.34
v6.1.35
v6.1.36
v6.1.37
v6.1.38
v6.1.39
v6.1.4
v6.1.40
v6.1.41
v6.1.42
v6.1.43
v6.1.44
v6.1.45
v6.1.46
v6.1.47
v6.1.48
v6.1.49
v6.1.5
v6.1.50
v6.1.51
v6.1.52
v6.1.53
v6.1.54
v6.1.55
v6.1.56
v6.1.57
v6.1.58
v6.1.59
v6.1.6
v6.1.60
v6.1.61
v6.1.62
v6.1.63
v6.1.64
v6.1.65
v6.1.66
v6.1.67
v6.1.68
v6.1.69
v6.1.7
v6.1.70
v6.1.71
v6.1.72
v6.1.73
v6.1.74
v6.1.75
v6.1.76
v6.1.77
v6.1.78
v6.1.79
v6.1.8
v6.1.80
v6.1.81
v6.1.82
v6.1.83
v6.1.84
v6.1.85
v6.1.86
v6.1.87
v6.1.88
v6.1.89
v6.1.9
v6.1.90
v6.1.91
v6.1.92
v6.1.93
v6.1.94
v6.1.95
v6.1.96
v6.1.97
v6.1.98
v6.1.99
v6.10
v6.10-rc1
v6.10-rc2
v6.10-rc3
v6.10-rc4
v6.10-rc5
v6.10-rc6
v6.10-rc7
v6.10.1
v6.10.10
v6.10.11
v6.10.12
v6.10.13
v6.10.2
v6.10.3
v6.10.4
v6.10.5
v6.10.6
v6.10.7
v6.10.8
v6.10.9
v6.11
v6.11-rc1
v6.11-rc2
v6.11-rc3
v6.11-rc4
v6.11-rc5
v6.11-rc6
v6.11-rc7
v6.11.1
v6.11.2
v6.2
v6.2-rc1
v6.2-rc2
v6.2-rc3
v6.2-rc4
v6.2-rc5
v6.2-rc6
v6.2-rc7
v6.2-rc8
v6.3
v6.3-rc1
v6.3-rc2
v6.3-rc3
v6.3-rc4
v6.3-rc5
v6.3-rc6
v6.3-rc7
v6.4
v6.4-rc1
v6.4-rc2
v6.4-rc3
v6.4-rc4
v6.4-rc5
v6.4-rc6
v6.4-rc7
v6.5
v6.5-rc1
v6.5-rc2
v6.5-rc3
v6.5-rc4
v6.5-rc5
v6.5-rc6
v6.5-rc7
v6.6
v6.6-rc1
v6.6-rc2
v6.6-rc3
v6.6-rc4
v6.6-rc5
v6.6-rc6
v6.6-rc7
v6.6.1
v6.6.10
v6.6.11
v6.6.12
v6.6.13
v6.6.14
v6.6.15
v6.6.16
v6.6.17
v6.6.18
v6.6.19
v6.6.2
v6.6.20
v6.6.21
v6.6.22
v6.6.23
v6.6.24
v6.6.25
v6.6.26
v6.6.27
v6.6.28
v6.6.29
v6.6.3
v6.6.30
v6.6.31
v6.6.32
v6.6.33
v6.6.34
v6.6.35
v6.6.36
v6.6.37
v6.6.38
v6.6.39
v6.6.4
v6.6.40
v6.6.41
v6.6.42
v6.6.43
v6.6.44
v6.6.45
v6.6.46
v6.6.47
v6.6.48
v6.6.49
v6.6.5
v6.6.50
v6.6.51
v6.6.52
v6.6.53
v6.6.54
v6.6.6
v6.6.7
v6.6.8
v6.6.9
v6.7
v6.7-rc1
v6.7-rc2
v6.7-rc3
v6.7-rc4
v6.7-rc5
v6.7-rc6
v6.7-rc7
v6.7-rc8
v6.8
v6.8-rc1
v6.8-rc2
v6.8-rc3
v6.8-rc4
v6.8-rc5
v6.8-rc6
v6.8-rc7
v6.9
v6.9-rc1
v6.9-rc2
v6.9-rc3
v6.9-rc4
v6.9-rc5
v6.9-rc6
v6.9-rc7
Database specific
vanir_signatures
[
{
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@f53e1c9c726d83092167f2226f32bd3b73f26c21",
"signature_type": "Line",
"target": {
"file": "net/bluetooth/mgmt.c"
},
"id": "CVE-2024-49951-058c8b95",
"digest": {
"line_hashes": [
"304976742471085342138992560462606011643",
"145312612374932053963586573315012414502",
"191976020018039695932830124212503440161",
"148122976760282322517170463976988852260",
"121601631931438311419214203699892167605",
"2871175012200340474122674727450510365",
"241315883291557366903670345547039036025",
"256391293728963179360508767846758492131",
"223182144219335743496882418607840366141",
"209323158427517410840063009481036582596",
"32618022916194404811258847833510222942",
"163758539403450840075532156806241174574",
"336603896891006012994806007534218794204",
"333729178379070607383720018917660041856",
"17768672087909651584869047894381502474",
"207786888789986264089357358409999721658",
"41315553726127569847591585232173840553",
"201777389112950988428079785828702822049",
"312184867917420024823024504867669341079",
"301894833350632987926374661729587554472",
"229519612218141279143503868649018804118",
"330922603955068080175007021919476619287",
"88934932761271278279174590384150868522"
],
"threshold": 0.9
},
"deprecated": false
},
{
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@0cc47233af35fb5f10b5e6a027cb4ccd480caf9a",
"signature_type": "Function",
"target": {
"function": "cmd_complete_rsp",
"file": "net/bluetooth/mgmt.c"
},
"id": "CVE-2024-49951-15490816",
"digest": {
"length": 215.0,
"function_hash": "222785466572212201390470180130687720491"
},
"deprecated": false
},
{
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@4883296505aa7e4863c6869b689afb6005633b23",
"signature_type": "Function",
"target": {
"function": "cmd_complete_rsp",
"file": "net/bluetooth/mgmt.c"
},
"id": "CVE-2024-49951-19ad588a",
"digest": {
"length": 215.0,
"function_hash": "222785466572212201390470180130687720491"
},
"deprecated": false
},
{
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@f53e1c9c726d83092167f2226f32bd3b73f26c21",
"signature_type": "Function",
"target": {
"function": "cmd_complete_rsp",
"file": "net/bluetooth/mgmt.c"
},
"id": "CVE-2024-49951-242afb20",
"digest": {
"length": 215.0,
"function_hash": "222785466572212201390470180130687720491"
},
"deprecated": false
},
{
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@0cc47233af35fb5f10b5e6a027cb4ccd480caf9a",
"signature_type": "Function",
"target": {
"function": "__mgmt_power_off",
"file": "net/bluetooth/mgmt.c"
},
"id": "CVE-2024-49951-4529e490",
"digest": {
"length": 618.0,
"function_hash": "72538920586979108340043134816342901368"
},
"deprecated": false
},
{
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@19b40ca62607cef78369549d1af091f2fd558931",
"signature_type": "Function",
"target": {
"function": "cmd_complete_rsp",
"file": "net/bluetooth/mgmt.c"
},
"id": "CVE-2024-49951-4a11e6ee",
"digest": {
"length": 215.0,
"function_hash": "222785466572212201390470180130687720491"
},
"deprecated": false
},
{
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@4883296505aa7e4863c6869b689afb6005633b23",
"signature_type": "Function",
"target": {
"function": "__mgmt_power_off",
"file": "net/bluetooth/mgmt.c"
},
"id": "CVE-2024-49951-54bde50d",
"digest": {
"length": 618.0,
"function_hash": "72538920586979108340043134816342901368"
},
"deprecated": false
},
{
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@f53e1c9c726d83092167f2226f32bd3b73f26c21",
"signature_type": "Function",
"target": {
"function": "__mgmt_power_off",
"file": "net/bluetooth/mgmt.c"
},
"id": "CVE-2024-49951-5ccc34dd",
"digest": {
"length": 618.0,
"function_hash": "72538920586979108340043134816342901368"
},
"deprecated": false
},
{
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@f53e1c9c726d83092167f2226f32bd3b73f26c21",
"signature_type": "Function",
"target": {
"function": "mgmt_index_removed",
"file": "net/bluetooth/mgmt.c"
},
"id": "CVE-2024-49951-7555f109",
"digest": {
"length": 774.0,
"function_hash": "183939361025682661914340737431103434980"
},
"deprecated": false
},
{
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@8c3f7943a29145d8a2d8e24893762f7673323eae",
"signature_type": "Function",
"target": {
"function": "cmd_complete_rsp",
"file": "net/bluetooth/mgmt.c"
},
"id": "CVE-2024-49951-785fbecc",
"digest": {
"length": 215.0,
"function_hash": "222785466572212201390470180130687720491"
},
"deprecated": false
},
{
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@8c3f7943a29145d8a2d8e24893762f7673323eae",
"signature_type": "Function",
"target": {
"function": "__mgmt_power_off",
"file": "net/bluetooth/mgmt.c"
},
"id": "CVE-2024-49951-8bbf6c87",
"digest": {
"length": 618.0,
"function_hash": "72538920586979108340043134816342901368"
},
"deprecated": false
},
{
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@0cc47233af35fb5f10b5e6a027cb4ccd480caf9a",
"signature_type": "Function",
"target": {
"function": "mgmt_index_removed",
"file": "net/bluetooth/mgmt.c"
},
"id": "CVE-2024-49951-b80f29fe",
"digest": {
"length": 774.0,
"function_hash": "183939361025682661914340737431103434980"
},
"deprecated": false
},
{
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@8c3f7943a29145d8a2d8e24893762f7673323eae",
"signature_type": "Line",
"target": {
"file": "net/bluetooth/mgmt.c"
},
"id": "CVE-2024-49951-b9c7cf0b",
"digest": {
"line_hashes": [
"304976742471085342138992560462606011643",
"145312612374932053963586573315012414502",
"191976020018039695932830124212503440161",
"148122976760282322517170463976988852260",
"121601631931438311419214203699892167605",
"2871175012200340474122674727450510365",
"241315883291557366903670345547039036025",
"256391293728963179360508767846758492131",
"223182144219335743496882418607840366141",
"209323158427517410840063009481036582596",
"32618022916194404811258847833510222942",
"163758539403450840075532156806241174574",
"336603896891006012994806007534218794204",
"333729178379070607383720018917660041856",
"17768672087909651584869047894381502474",
"207786888789986264089357358409999721658",
"41315553726127569847591585232173840553",
"201777389112950988428079785828702822049",
"312184867917420024823024504867669341079",
"301894833350632987926374661729587554472",
"229519612218141279143503868649018804118",
"330922603955068080175007021919476619287",
"88934932761271278279174590384150868522"
],
"threshold": 0.9
},
"deprecated": false
},
{
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@8c3f7943a29145d8a2d8e24893762f7673323eae",
"signature_type": "Function",
"target": {
"function": "mgmt_index_removed",
"file": "net/bluetooth/mgmt.c"
},
"id": "CVE-2024-49951-c708e883",
"digest": {
"length": 774.0,
"function_hash": "183939361025682661914340737431103434980"
},
"deprecated": false
},
{
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@19b40ca62607cef78369549d1af091f2fd558931",
"signature_type": "Function",
"target": {
"function": "mgmt_index_removed",
"file": "net/bluetooth/mgmt.c"
},
"id": "CVE-2024-49951-d0f2209e",
"digest": {
"length": 896.0,
"function_hash": "65989225280183280922223776157946833884"
},
"deprecated": false
},
{
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@19b40ca62607cef78369549d1af091f2fd558931",
"signature_type": "Line",
"target": {
"file": "net/bluetooth/mgmt.c"
},
"id": "CVE-2024-49951-d464b195",
"digest": {
"line_hashes": [
"304976742471085342138992560462606011643",
"145312612374932053963586573315012414502",
"191976020018039695932830124212503440161",
"148122976760282322517170463976988852260",
"121601631931438311419214203699892167605",
"2871175012200340474122674727450510365",
"241315883291557366903670345547039036025",
"256391293728963179360508767846758492131",
"223182144219335743496882418607840366141",
"204243102835647291404209822605149861246",
"180786018476990902560443601776826305197",
"221143000626099412612645812863303793722",
"244900371403216108175607006230581897230",
"166727638851493691048043658012161879136",
"336603896891006012994806007534218794204",
"333729178379070607383720018917660041856",
"17768672087909651584869047894381502474",
"207786888789986264089357358409999721658",
"41315553726127569847591585232173840553",
"201777389112950988428079785828702822049",
"312184867917420024823024504867669341079",
"301894833350632987926374661729587554472",
"229519612218141279143503868649018804118",
"330922603955068080175007021919476619287",
"88934932761271278279174590384150868522"
],
"threshold": 0.9
},
"deprecated": false
},
{
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@0cc47233af35fb5f10b5e6a027cb4ccd480caf9a",
"signature_type": "Line",
"target": {
"file": "net/bluetooth/mgmt.c"
},
"id": "CVE-2024-49951-e7696ecc",
"digest": {
"line_hashes": [
"304976742471085342138992560462606011643",
"145312612374932053963586573315012414502",
"191976020018039695932830124212503440161",
"148122976760282322517170463976988852260",
"121601631931438311419214203699892167605",
"2871175012200340474122674727450510365",
"241315883291557366903670345547039036025",
"256391293728963179360508767846758492131",
"223182144219335743496882418607840366141",
"209323158427517410840063009481036582596",
"32618022916194404811258847833510222942",
"163758539403450840075532156806241174574",
"336603896891006012994806007534218794204",
"333729178379070607383720018917660041856",
"17768672087909651584869047894381502474",
"207786888789986264089357358409999721658",
"41315553726127569847591585232173840553",
"201777389112950988428079785828702822049",
"312184867917420024823024504867669341079",
"301894833350632987926374661729587554472",
"229519612218141279143503868649018804118",
"330922603955068080175007021919476619287",
"88934932761271278279174590384150868522"
],
"threshold": 0.9
},
"deprecated": false
},
{
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@19b40ca62607cef78369549d1af091f2fd558931",
"signature_type": "Function",
"target": {
"function": "__mgmt_power_off",
"file": "net/bluetooth/mgmt.c"
},
"id": "CVE-2024-49951-f2adddb9",
"digest": {
"length": 618.0,
"function_hash": "72538920586979108340043134816342901368"
},
"deprecated": false
},
{
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@4883296505aa7e4863c6869b689afb6005633b23",
"signature_type": "Function",
"target": {
"function": "mgmt_index_removed",
"file": "net/bluetooth/mgmt.c"
},
"id": "CVE-2024-49951-f5b0df90",
"digest": {
"length": 774.0,
"function_hash": "183939361025682661914340737431103434980"
},
"deprecated": false
},
{
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@4883296505aa7e4863c6869b689afb6005633b23",
"signature_type": "Line",
"target": {
"file": "net/bluetooth/mgmt.c"
},
"id": "CVE-2024-49951-fe1b99cb",
"digest": {
"line_hashes": [
"304976742471085342138992560462606011643",
"145312612374932053963586573315012414502",
"191976020018039695932830124212503440161",
"148122976760282322517170463976988852260",
"121601631931438311419214203699892167605",
"2871175012200340474122674727450510365",
"241315883291557366903670345547039036025",
"256391293728963179360508767846758492131",
"223182144219335743496882418607840366141",
"209323158427517410840063009481036582596",
"32618022916194404811258847833510222942",
"163758539403450840075532156806241174574",
"336603896891006012994806007534218794204",
"333729178379070607383720018917660041856",
"17768672087909651584869047894381502474",
"207786888789986264089357358409999721658",
"41315553726127569847591585232173840553",
"201777389112950988428079785828702822049",
"312184867917420024823024504867669341079",
"301894833350632987926374661729587554472",
"229519612218141279143503868649018804118",
"330922603955068080175007021919476619287",
"88934932761271278279174590384150868522"
],
"threshold": 0.9
},
"deprecated": false
}
]