DEBIAN-CVE-2024-36968

See a problem?
Please try reporting it to the source first.
Source
https://security-tracker.debian.org/tracker/DEBIAN-CVE-2024-36968
Import Source
https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2024-36968.json
JSON Data
https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2024-36968
Upstream
Published
2024-06-08T13:15:58Z
Modified
2025-09-19T03:10:47Z
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix div-by-zero in l2capleflowctlinit() l2capleflowctlinit() can cause both div-by-zero and an integer overflow since hdev->lemtu may not fall in the valid range. Move MTU from hcidev to hciconn to validate MTU and stop the connection process earlier if MTU is invalid. Also, add a missing validation in readbuffersize() and make it return an error value if the validation fails. Now hciconnadd() returns ERRPTR() as it can fail due to the both a kzalloc failure and invalid MTU value. divide error: 0000 [#1] PREEMPT SMP KASAN NOPTI CPU: 0 PID: 67 Comm: kworker/u5:0 Tainted: G W 6.9.0-rc5+ #20 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014 Workqueue: hci0 hcirxwork RIP: 0010:l2capleflowctlinit+0x19e/0x3f0 net/bluetooth/l2capcore.c:547 Code: e8 17 17 0c 00 66 41 89 9f 84 00 00 00 bf 01 00 00 00 41 b8 02 00 00 00 4c 89 fe 4c 89 e2 89 d9 e8 27 17 0c 00 44 89 f0 31 d2 <66> f7 f3 89 c3 ff c3 4d 8d b7 88 00 00 00 4c 89 f0 48 c1 e8 03 42 RSP: 0018:ffff88810bc0f858 EFLAGS: 00010246 RAX: 00000000000002a0 RBX: 0000000000000000 RCX: dffffc0000000000 RDX: 0000000000000000 RSI: ffff88810bc0f7c0 RDI: ffffc90002dcb66f RBP: ffff88810bc0f880 R08: aa69db2dda70ff01 R09: 0000ffaaaaaaaaaa R10: 0084000000ffaaaa R11: 0000000000000000 R12: ffff88810d65a084 R13: dffffc0000000000 R14: 00000000000002a0 R15: ffff88810d65a000 FS: 0000000000000000(0000) GS:ffff88811ac00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000020000100 CR3: 0000000103268003 CR4: 0000000000770ef0 PKRU: 55555554 Call Trace: <TASK> l2capleconnectreq net/bluetooth/l2capcore.c:4902 [inline] l2caplesigcmd net/bluetooth/l2capcore.c:5420 [inline] l2caplesigchannel net/bluetooth/l2capcore.c:5486 [inline] l2caprecvframe+0xe59d/0x11710 net/bluetooth/l2capcore.c:6809 l2caprecvacldata+0x544/0x10a0 net/bluetooth/l2capcore.c:7506 hciacldatapacket net/bluetooth/hcicore.c:3939 [inline] hcirxwork+0x5e5/0xb20 net/bluetooth/hcicore.c:4176 processonework kernel/workqueue.c:3254 [inline] processscheduledworks+0x90f/0x1530 kernel/workqueue.c:3335 workerthread+0x926/0xe70 kernel/workqueue.c:3416 kthread+0x2e3/0x380 kernel/kthread.c:388 retfromfork+0x5c/0x90 arch/x86/kernel/process.c:147 retfromforkasm+0x1a/0x30 arch/x86/entry/entry_64.S:244 </TASK> Modules linked in: ---[ end trace 0000000000000000 ]---

References

Affected packages

Debian:13 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.8.11-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:14 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.8.11-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}