AZL-55611

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-55611.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-55611

Upstream

CVE-2024-56604

Published

2024-12-27T15:15:19Z

Modified

2026-04-01T05:18:40.782518Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

CVE-2024-56604 affecting package kernel 5.15.200.1-1

Details

In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: RFCOMM: avoid leaving dangling sk pointer in rfcommsockalloc()

btsockalloc() attaches allocated sk object to the provided sock object. If rfcommdlcalloc() fails, we release the sk object, but leave the dangling pointer in the sock object, which may cause use-after-free.

Fix this by swapping calls to btsockalloc() and rfcommdlcalloc().

References

https://nvd.nist.gov/vuln/detail/CVE-2024-56604

Affected packages

Azure Linux:2 / kernel

Package

Name: kernel
Purl: pkg:rpm/azure-linux/kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

5.15.200.1-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-55611.json"