CVE-2024-42132

Source
https://cve.org/CVERecord?id=CVE-2024-42132
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-42132.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-42132
Downstream
Related
Published
2024-07-30T07:46:27.684Z
Modified
2026-03-13T07:56:13.843131Z
Summary
bluetooth/hci: disallow setting handle bigger than HCI_CONN_HANDLE_MAX
Details

In the Linux kernel, the following vulnerability has been resolved:

bluetooth/hci: disallow setting handle bigger than HCI_CONN_HANDLE_MAX

Syzbot hit warning in hci_conn_del() caused by freeing handle that was not allocated using ida allocator.

This is caused by handle bigger than HCI_CONN_HANDLE_MAX passed by hci_le_big_sync_established_evt(), which makes code think it's unset connection.

Add same check for handle upper bound as in hci_conn_set_handle() to prevent warning.

Database specific
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/42xxx/CVE-2024-42132.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
84cb0143fb8a03bf941c7aaedd56c938c99dafad
Fixed
4970e48f83dbd21d2a6a7cdaaafc2a71f7f45dc4
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
181a42edddf51d5d9697ecdf365d72ebeab5afb0
Fixed
d311036696fed778301d08a71a4bef737b86d8c5
Fixed
1cc18c2ab2e8c54c355ea7c0423a636e415a0c23
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
e9f708beada55426c8d678e2f46af659eb5bf4f0

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-42132.json"