CVE-2024-36012

Source
https://cve.org/CVERecord?id=CVE-2024-36012
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-36012.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-36012
Downstream
Related
Published
2024-05-23T07:03:06.904Z
Modified
2026-03-13T07:55:27.309932Z
Summary
Bluetooth: msft: fix slab-use-after-free in msft_do_close()
Details

In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: msft: fix slab-use-after-free in msft_do_close()

Tying the msft->data lifetime to hdev by freeing it in hci_release_dev() to fix the following case:

[use]
msft_do_close()
  msft = hdev->msft_data;
  if (!msft)                      ...(1) <- passed.
    return;
  mutex_lock(&msft->filter_lock); ...(4) <- used after freed.

[free]
msft_unregister()
  msft = hdev->msft_data;
  hdev->msft_data = NULL;         ...(2)
  kfree(msft);                    ...(3) <- msft is freed.

==================================================================
BUG: KASAN: slab-use-after-free in __mutex_lock_common kernel/locking/mutex.c:587 [inline]
BUG: KASAN: slab-use-after-free in __mutex_lock+0x8f/0xc30 kernel/locking/mutex.c:752
Read of size 8 at addr ffff888106cbbca8 by task kworker/u5:2/309

Database specific
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/36xxx/CVE-2024-36012.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
bf6a4e30ffbd9e9ef8934582feb937f6532f8b68
Fixed
e3880b531b68f98d3941d83f2f6dd11cf4fd6b76
Fixed
a85a60e62355e3bf4802dead7938966824b23940
Fixed
4f1de02de07748da80a8178879bc7a1df37fdf56
Fixed
10f9f426ac6e752c8d87bf4346930ba347aaabac

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-36012.json"