CVE-2024-56605

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2024-56605
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-56605.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-56605
Downstream
Related
Published
2024-12-27T14:51:10.344Z
Modified
2026-05-15T11:53:24.802743011Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create()
Details

In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2capsockcreate()

btsockalloc() allocates the sk object and attaches it to the provided sock object. On error l2capsockalloc() frees the sk object, but the dangling pointer is still attached to the sock object, which may create use-after-free in other code.

Database specific 
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/56xxx/CVE-2024-56605.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
3.6.0
Fixed
5.4.287
Type
ECOSYSTEM
Events
Introduced
5.5.0
Fixed
5.10.231
Type
ECOSYSTEM
Events
Introduced
5.11.0
Fixed
5.15.174
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
6.1.120
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.66
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.5

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-56605.json"