AZL-52061
See a problem?- Import Source
- https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-52061.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/AZL-52061
- Upstream
- Published
- 2024-10-29T01:15:04Z
- Modified
- 2026-04-01T05:16:28.728939Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- CVE-2024-50077 affecting package kernel for versions less than 6.6.64.2-1
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: ISO: Fix multiple init when debugfs is disabled
If btdebugfs is not created successfully, which happens if either CONFIGDEBUGFS or CONFIGDEBUGFSALLOWALL is unset, then isoinit() returns early and does not set isoinited to true. This means that a subsequent call to isoinit() will result in duplicate calls to protoregister(), btsock_register(), etc.
With CONFIGLISTHARDENED and CONFIGBUGONDATACORRUPTION enabled, the duplicate call to proto_register() triggers this BUG():
listadd double add: new=ffffffffc0b280d0, prev=ffffffffbab56250, next=ffffffffc0b280d0. ------------[ cut here ]------------ kernel BUG at lib/listdebug.c:35! Oops: invalid opcode: 0000 [#1] PREEMPT SMP PTI CPU: 2 PID: 887 Comm: bluetoothd Not tainted 6.10.11-1-ao-desktop #1 RIP: 0010:__listaddvalidorreport+0x9a/0xa0 ... __listaddvalidorreport+0x9a/0xa0 protoregister+0x2b5/0x340 isoinit+0x23/0x150 [bluetooth] setisosocketfunc+0x68/0x1b0 [bluetooth] kmemcachefree+0x308/0x330 hcisock_sendmsg+0x990/0x9e0 [bluetooth] __socksendmsg+0x7b/0x80 sockwriteiter+0x9a/0x110 doiterreadvwritev+0x11d/0x220 vfswritev+0x180/0x3e0 dowritev+0xca/0x100 ...
This change removes the early return. The check for isodebugfs being NULL was unnecessary, it is always NULL when isoinited is false.
- References