CVE-2024-36012
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-36012
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-36012.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2024-36012
- Downstream
- Related
- Published
- 2024-05-23T07:03:06Z
- Modified
- 2025-10-14T16:45:03.305002Z
- Summary
- Bluetooth: msft: fix slab-use-after-free in msft_do_close()
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: msft: fix slab-use-after-free in msftdoclose()
Tying the msft->data lifetime to hdev by freeing it in hcireleasedev() to fix the following case:
[use] msftdoclose() msft = hdev->msftdata; if (!msft) ...(1) <- passed. return; mutexlock(&msft->filter_lock); ...(4) <- used after freed.
[free] msftunregister() msft = hdev->msftdata; hdev->msft_data = NULL; ...(2) kfree(msft); ...(3) <- msft is freed.
================================================================== BUG: KASAN: slab-use-after-free in _mutexlockcommon kernel/locking/mutex.c:587 [inline] BUG: KASAN: slab-use-after-free in _mutex_lock+0x8f/0xc30 kernel/locking/mutex.c:752 Read of size 8 at addr ffff888106cbbca8 by task kworker/u5:2/309
- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/10f9f426ac6e752c8d87bf4346930ba347aaabac
- https://git.kernel.org/stable/c/4f1de02de07748da80a8178879bc7a1df37fdf56
- https://git.kernel.org/stable/c/a85a60e62355e3bf4802dead7938966824b23940
- https://git.kernel.org/stable/c/e3880b531b68f98d3941d83f2f6dd11cf4fd6b76
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedbf6a4e30ffbd9e9ef8934582feb937f6532f8b68Fixede3880b531b68f98d3941d83f2f6dd11cf4fd6b76
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedbf6a4e30ffbd9e9ef8934582feb937f6532f8b68Fixeda85a60e62355e3bf4802dead7938966824b23940
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedbf6a4e30ffbd9e9ef8934582feb937f6532f8b68Fixed4f1de02de07748da80a8178879bc7a1df37fdf56
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedbf6a4e30ffbd9e9ef8934582feb937f6532f8b68Fixed10f9f426ac6e752c8d87bf4346930ba347aaabac
Affected versions
v5.*
v5.11
v5.11-rc1
v5.11-rc2
v5.11-rc3
v5.11-rc4
v5.11-rc5
v5.11-rc6
v5.11-rc7
v5.12
v5.12-rc1
v5.12-rc1-dontuse
v5.12-rc2
v5.12-rc3
v5.12-rc4
v5.12-rc5
v5.12-rc6
v5.12-rc7
v5.12-rc8
v5.13
v5.13-rc1
v5.13-rc2
v5.13-rc3
v5.13-rc4
v5.13-rc5
v5.13-rc6
v5.13-rc7
v5.14
v5.14-rc1
v5.14-rc2
v5.14-rc3
v5.14-rc4
v5.14-rc5
v5.14-rc6
v5.14-rc7
v5.15
v5.15-rc1
v5.15-rc2
v5.15-rc3
v5.15-rc4
v5.15-rc5
v5.15-rc6
v5.15-rc7
v5.16
v5.16-rc1
v5.16-rc2
v5.16-rc3
v5.16-rc4
v5.16-rc5
v5.16-rc6
v5.16-rc7
v5.16-rc8
v5.17
v5.17-rc1
v5.17-rc2
v5.17-rc3
v5.17-rc4
v5.17-rc5
v5.17-rc6
v5.17-rc7
v5.17-rc8
v5.18
v5.18-rc1
v5.18-rc2
v5.18-rc3
v5.18-rc4
v5.18-rc5
v5.18-rc6
v5.18-rc7
v5.19
v5.19-rc1
v5.19-rc2
v5.19-rc3
v5.19-rc4
v5.19-rc5
v5.19-rc6
v5.19-rc7
v5.19-rc8
v6.*
v6.0
v6.0-rc1
v6.0-rc2
v6.0-rc3
v6.0-rc4
v6.0-rc5
v6.0-rc6
v6.0-rc7
v6.1
v6.1-rc1
v6.1-rc2
v6.1-rc3
v6.1-rc4
v6.1-rc5
v6.1-rc6
v6.1-rc7
v6.1-rc8
v6.1.1
v6.1.10
v6.1.11
v6.1.12
v6.1.13
v6.1.14
v6.1.15
v6.1.16
v6.1.17
v6.1.18
v6.1.19
v6.1.2
v6.1.20
v6.1.21
v6.1.22
v6.1.23
v6.1.24
v6.1.25
v6.1.26
v6.1.27
v6.1.28
v6.1.29
v6.1.3
v6.1.30
v6.1.31
v6.1.32
v6.1.33
v6.1.34
v6.1.35
v6.1.36
v6.1.37
v6.1.38
v6.1.39
v6.1.4
v6.1.40
v6.1.41
v6.1.42
v6.1.43
v6.1.44
v6.1.45
v6.1.46
v6.1.47
v6.1.48
v6.1.49
v6.1.5
v6.1.50
v6.1.51
v6.1.52
v6.1.53
v6.1.54
v6.1.55
v6.1.56
v6.1.57
v6.1.58
v6.1.59
v6.1.6
v6.1.60
v6.1.61
v6.1.62
v6.1.63
v6.1.64
v6.1.65
v6.1.66
v6.1.67
v6.1.68
v6.1.69
v6.1.7
v6.1.70
v6.1.71
v6.1.72
v6.1.73
v6.1.74
v6.1.75
v6.1.76
v6.1.77
v6.1.78
v6.1.79
v6.1.8
v6.1.80
v6.1.81
v6.1.82
v6.1.83
v6.1.84
v6.1.85
v6.1.86
v6.1.87
v6.1.88
v6.1.89
v6.1.9
v6.1.90
v6.2
v6.2-rc1
v6.2-rc2
v6.2-rc3
v6.2-rc4
v6.2-rc5
v6.2-rc6
v6.2-rc7
v6.2-rc8
v6.3
v6.3-rc1
v6.3-rc2
v6.3-rc3
v6.3-rc4
v6.3-rc5
v6.3-rc6
v6.3-rc7
v6.4
v6.4-rc1
v6.4-rc2
v6.4-rc3
v6.4-rc4
v6.4-rc5
v6.4-rc6
v6.4-rc7
v6.5
v6.5-rc1
v6.5-rc2
v6.5-rc3
v6.5-rc4
v6.5-rc5
v6.5-rc6
v6.5-rc7
v6.6
v6.6-rc1
v6.6-rc2
v6.6-rc3
v6.6-rc4
v6.6-rc5
v6.6-rc6
v6.6-rc7
v6.6.1
v6.6.10
v6.6.11
v6.6.12
v6.6.13
v6.6.14
v6.6.15
v6.6.16
v6.6.17
v6.6.18
v6.6.19
v6.6.2
v6.6.20
v6.6.21
v6.6.22
v6.6.23
v6.6.24
v6.6.25
v6.6.26
v6.6.27
v6.6.28
v6.6.29
v6.6.3
v6.6.30
v6.6.4
v6.6.5
v6.6.6
v6.6.7
v6.6.8
v6.6.9
v6.7
v6.7-rc1
v6.7-rc2
v6.7-rc3
v6.7-rc4
v6.7-rc5
v6.7-rc6
v6.7-rc7
v6.7-rc8
v6.8
v6.8-rc1
v6.8-rc2
v6.8-rc3
v6.8-rc4
v6.8-rc5
v6.8-rc6
v6.8-rc7
v6.8.1
v6.8.2
v6.8.3
v6.8.4
v6.8.5
v6.8.6
v6.8.7
v6.8.8
v6.8.9
v6.9-rc1
v6.9-rc2
v6.9-rc3
v6.9-rc4
v6.9-rc5
v6.9-rc6
Database specific
{
"vanir_signatures": [
{
"signature_type": "Line",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@10f9f426ac6e752c8d87bf4346930ba347aaabac",
"id": "CVE-2024-36012-265aa326",
"signature_version": "v1",
"target": {
"file": "net/bluetooth/msft.h"
},
"digest": {
"line_hashes": [
"58201810766092712687339127725190941866",
"52103917349944103567396309943395377420",
"159893875028101944666443484688761424665",
"325074168763523613496819355005067471070",
"43838378994636600387991749598279123319",
"135085599486357976193159128931183026237",
"121464705248442300091444783300236795221",
"145481378011210612917231902649510485254"
],
"threshold": 0.9
},
"deprecated": false
},
{
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@4f1de02de07748da80a8178879bc7a1df37fdf56",
"id": "CVE-2024-36012-2884abe5",
"signature_version": "v1",
"target": {
"file": "net/bluetooth/hci_core.c",
"function": "hci_release_dev"
},
"digest": {
"length": 862.0,
"function_hash": "135912600833801198942355053264361396103"
},
"deprecated": false
},
{
"signature_type": "Line",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a85a60e62355e3bf4802dead7938966824b23940",
"id": "CVE-2024-36012-2f856f85",
"signature_version": "v1",
"target": {
"file": "net/bluetooth/msft.h"
},
"digest": {
"line_hashes": [
"58201810766092712687339127725190941866",
"52103917349944103567396309943395377420",
"159893875028101944666443484688761424665",
"325074168763523613496819355005067471070",
"43838378994636600387991749598279123319",
"135085599486357976193159128931183026237",
"121464705248442300091444783300236795221",
"145481378011210612917231902649510485254"
],
"threshold": 0.9
},
"deprecated": false
},
{
"signature_type": "Line",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@4f1de02de07748da80a8178879bc7a1df37fdf56",
"id": "CVE-2024-36012-3257f7e3",
"signature_version": "v1",
"target": {
"file": "net/bluetooth/msft.h"
},
"digest": {
"line_hashes": [
"58201810766092712687339127725190941866",
"52103917349944103567396309943395377420",
"159893875028101944666443484688761424665",
"325074168763523613496819355005067471070",
"43838378994636600387991749598279123319",
"135085599486357976193159128931183026237",
"121464705248442300091444783300236795221",
"145481378011210612917231902649510485254"
],
"threshold": 0.9
},
"deprecated": false
},
{
"signature_type": "Line",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e3880b531b68f98d3941d83f2f6dd11cf4fd6b76",
"id": "CVE-2024-36012-3b39f8ec",
"signature_version": "v1",
"target": {
"file": "net/bluetooth/msft.h"
},
"digest": {
"line_hashes": [
"58201810766092712687339127725190941866",
"52103917349944103567396309943395377420",
"159893875028101944666443484688761424665",
"325074168763523613496819355005067471070",
"43838378994636600387991749598279123319",
"135085599486357976193159128931183026237",
"121464705248442300091444783300236795221",
"145481378011210612917231902649510485254"
],
"threshold": 0.9
},
"deprecated": false
},
{
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a85a60e62355e3bf4802dead7938966824b23940",
"id": "CVE-2024-36012-5559857c",
"signature_version": "v1",
"target": {
"file": "net/bluetooth/hci_core.c",
"function": "hci_release_dev"
},
"digest": {
"length": 862.0,
"function_hash": "135912600833801198942355053264361396103"
},
"deprecated": false
},
{
"signature_type": "Line",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e3880b531b68f98d3941d83f2f6dd11cf4fd6b76",
"id": "CVE-2024-36012-6258e78d",
"signature_version": "v1",
"target": {
"file": "net/bluetooth/msft.c"
},
"digest": {
"line_hashes": [
"159477571826385369233176189697694130705",
"333496844789084007782931322231623261405",
"89575239541949298068811464250348693423",
"224474311955867190236523064269106145390"
],
"threshold": 0.9
},
"deprecated": false
},
{
"signature_type": "Line",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@4f1de02de07748da80a8178879bc7a1df37fdf56",
"id": "CVE-2024-36012-76f85918",
"signature_version": "v1",
"target": {
"file": "net/bluetooth/msft.c"
},
"digest": {
"line_hashes": [
"203908432295865204035122287181287257224",
"12235198904194424539696263679649864427",
"89575239541949298068811464250348693423",
"224474311955867190236523064269106145390"
],
"threshold": 0.9
},
"deprecated": false
},
{
"signature_type": "Line",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e3880b531b68f98d3941d83f2f6dd11cf4fd6b76",
"id": "CVE-2024-36012-7f2c7fdf",
"signature_version": "v1",
"target": {
"file": "net/bluetooth/hci_core.c"
},
"digest": {
"line_hashes": [
"179942895225224323946180564995499168927",
"176077515940290233737758140202816886651",
"2308314712876963186446355187900444927",
"50149002769606144210205140767319134792",
"309227545352447836501596266066334131567",
"312808366268361158156237011164815619881",
"134782048966762469611624733354100618815",
"250890097541430457178371185644564654212"
],
"threshold": 0.9
},
"deprecated": false
},
{
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e3880b531b68f98d3941d83f2f6dd11cf4fd6b76",
"id": "CVE-2024-36012-89eba175",
"signature_version": "v1",
"target": {
"file": "net/bluetooth/hci_core.c",
"function": "hci_release_dev"
},
"digest": {
"length": 819.0,
"function_hash": "326971543745352634812335942124994130996"
},
"deprecated": false
},
{
"signature_type": "Line",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a85a60e62355e3bf4802dead7938966824b23940",
"id": "CVE-2024-36012-8b415361",
"signature_version": "v1",
"target": {
"file": "net/bluetooth/hci_core.c"
},
"digest": {
"line_hashes": [
"179942895225224323946180564995499168927",
"176077515940290233737758140202816886651",
"2308314712876963186446355187900444927",
"50149002769606144210205140767319134792",
"309227545352447836501596266066334131567",
"312808366268361158156237011164815619881",
"55336451688995268822882260656670784664",
"109513351200334452222026534095539331706"
],
"threshold": 0.9
},
"deprecated": false
},
{
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@10f9f426ac6e752c8d87bf4346930ba347aaabac",
"id": "CVE-2024-36012-8cfa2c77",
"signature_version": "v1",
"target": {
"file": "net/bluetooth/hci_core.c",
"function": "hci_release_dev"
},
"digest": {
"length": 862.0,
"function_hash": "135912600833801198942355053264361396103"
},
"deprecated": false
},
{
"signature_type": "Line",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a85a60e62355e3bf4802dead7938966824b23940",
"id": "CVE-2024-36012-9485bb3d",
"signature_version": "v1",
"target": {
"file": "net/bluetooth/msft.c"
},
"digest": {
"line_hashes": [
"203908432295865204035122287181287257224",
"12235198904194424539696263679649864427",
"89575239541949298068811464250348693423",
"224474311955867190236523064269106145390"
],
"threshold": 0.9
},
"deprecated": false
},
{
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e3880b531b68f98d3941d83f2f6dd11cf4fd6b76",
"id": "CVE-2024-36012-968fb12e",
"signature_version": "v1",
"target": {
"file": "net/bluetooth/hci_core.c",
"function": "hci_unregister_dev"
},
"digest": {
"length": 873.0,
"function_hash": "299266584003389354652759387820720297048"
},
"deprecated": false
},
{
"signature_type": "Line",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@10f9f426ac6e752c8d87bf4346930ba347aaabac",
"id": "CVE-2024-36012-99a12940",
"signature_version": "v1",
"target": {
"file": "net/bluetooth/msft.c"
},
"digest": {
"line_hashes": [
"203908432295865204035122287181287257224",
"12235198904194424539696263679649864427",
"89575239541949298068811464250348693423",
"224474311955867190236523064269106145390"
],
"threshold": 0.9
},
"deprecated": false
},
{
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a85a60e62355e3bf4802dead7938966824b23940",
"id": "CVE-2024-36012-a1d79e85",
"signature_version": "v1",
"target": {
"file": "net/bluetooth/hci_core.c",
"function": "hci_unregister_dev"
},
"digest": {
"length": 873.0,
"function_hash": "299266584003389354652759387820720297048"
},
"deprecated": false
},
{
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@10f9f426ac6e752c8d87bf4346930ba347aaabac",
"id": "CVE-2024-36012-a8e7c4d9",
"signature_version": "v1",
"target": {
"file": "net/bluetooth/hci_core.c",
"function": "hci_unregister_dev"
},
"digest": {
"length": 873.0,
"function_hash": "299266584003389354652759387820720297048"
},
"deprecated": false
},
{
"signature_type": "Line",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@4f1de02de07748da80a8178879bc7a1df37fdf56",
"id": "CVE-2024-36012-aba4af76",
"signature_version": "v1",
"target": {
"file": "net/bluetooth/hci_core.c"
},
"digest": {
"line_hashes": [
"179942895225224323946180564995499168927",
"176077515940290233737758140202816886651",
"2308314712876963186446355187900444927",
"50149002769606144210205140767319134792",
"309227545352447836501596266066334131567",
"312808366268361158156237011164815619881",
"55336451688995268822882260656670784664",
"109513351200334452222026534095539331706"
],
"threshold": 0.9
},
"deprecated": false
},
{
"signature_type": "Line",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@10f9f426ac6e752c8d87bf4346930ba347aaabac",
"id": "CVE-2024-36012-ac4ea4ef",
"signature_version": "v1",
"target": {
"file": "net/bluetooth/hci_core.c"
},
"digest": {
"line_hashes": [
"179942895225224323946180564995499168927",
"176077515940290233737758140202816886651",
"2308314712876963186446355187900444927",
"50149002769606144210205140767319134792",
"309227545352447836501596266066334131567",
"312808366268361158156237011164815619881",
"55336451688995268822882260656670784664",
"164914815806386211835928356898529787956"
],
"threshold": 0.9
},
"deprecated": false
},
{
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@4f1de02de07748da80a8178879bc7a1df37fdf56",
"id": "CVE-2024-36012-cb8307f3",
"signature_version": "v1",
"target": {
"file": "net/bluetooth/hci_core.c",
"function": "hci_unregister_dev"
},
"digest": {
"length": 873.0,
"function_hash": "299266584003389354652759387820720297048"
},
"deprecated": false
}
]
}