CVE-2024-26801
- Source
- https://cve.org/CVERecord?id=CVE-2024-26801
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-26801.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2024-26801
- Downstream
- Related
- Published
- 2024-04-04T08:20:29.211Z
- Modified
- 2026-03-13T07:51:58.683783Z
- Summary
- Bluetooth: Avoid potential use-after-free in hci_error_reset
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: Avoid potential use-after-free in hcierrorreset
While handling the HCIEVHARDWAREERROR event, if the underlying BT controller is not responding, the GPIO reset mechanism would free the hcidev and lead to a use-after-free in hcierrorreset.
Here's the call trace observed on a ChromeOS device with Intel AX201: queueworkon+0x3e/0x6c __hcicmdsync_sk+0x2ee/0x4c0 [bluetooth <HASH:3b4a6>] ? initwaitentry+0x31/0x31 __hcicmdsync+0x16/0x20 [bluetooth <HASH:3b4a 6>] hcierrorreset+0x4f/0xa4 [bluetooth <HASH:3b4a 6>] processonework+0x1d8/0x33f workerthread+0x21b/0x373 kthread+0x13a/0x152 ? prcontwork+0x54/0x54 ? kthreadblkcg+0x31/0x31 retfromfork+0x1f/0x30
This patch holds the reference count on the hcidev while processing a HCIEVHARDWAREERROR event to avoid potential crash.
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/26xxx/CVE-2024-26801.json" }- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/2449007d3f73b2842c9734f45f0aadb522daf592
- https://git.kernel.org/stable/c/2ab9a19d896f5a0dd386e1f001c5309bc35f433b
- https://git.kernel.org/stable/c/45085686b9559bfbe3a4f41d3d695a520668f5e1
- https://git.kernel.org/stable/c/6dd0a9dfa99f8990a08eb8fdd8e79bee31c7d8e2
- https://git.kernel.org/stable/c/98fb98fd37e42fd4ce13ff657ea64503e24b6090
- https://git.kernel.org/stable/c/da4569d450b193e39e87119fd316c0291b585d14
- https://git.kernel.org/stable/c/dd594cdc24f2e48dab441732e6dfcafd6b0711d1
- https://git.kernel.org/stable/c/e0b278650f07acf2e0932149183458468a731c03
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/26xxx/CVE-2024-26801.json
- https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
- https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html
- https://nvd.nist.gov/vuln/detail/CVE-2024-26801
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedc7741d16a57cbf97eebe53f27e8216b1ff20e20cFixede0b278650f07acf2e0932149183458468a731c03Fixed98fb98fd37e42fd4ce13ff657ea64503e24b6090Fixed6dd0a9dfa99f8990a08eb8fdd8e79bee31c7d8e2Fixedda4569d450b193e39e87119fd316c0291b585d14Fixed45085686b9559bfbe3a4f41d3d695a520668f5e1Fixed2ab9a19d896f5a0dd386e1f001c5309bc35f433bFixeddd594cdc24f2e48dab441732e6dfcafd6b0711d1Fixed2449007d3f73b2842c9734f45f0aadb522daf592