NVD Vulnerability Detail

CVE-2024-50148

Summary	In the Linux kernel, the following vulnerability has been resolved: Bluetooth: bnep: fix wild-memory-access in proto_unregister There's issue as follows: KASAN: maybe wild-memory-access in range [0xdead...108-0xdead...10f] CPU: 3 UID: 0 PID: 2805 Comm: rmmod Tainted: G W RIP: 0010:proto_unregister+0xee/0x400 Call Trace: <TASK> __do_sys_delete_module+0x318/0x580 do_syscall_64+0xc1/0x1d0 entry_SYSCALL_64_after_hwframe+0x77/0x7f As bnep_init() ignore bnep_sock_init()'s return value, and bnep_sock_init() will cleanup all resource. Then when remove bnep module will call bnep_sock_cleanup() to cleanup sock's resource. To solve above issue just return bnep_sock_init()'s return value in bnep_exit().
Publication Date	Nov. 7, 2024, 7:15 p.m.
Registration Date	Nov. 8, 2024, 5 a.m.
Last Update	Nov. 19, 2024, 6:24 a.m.

Affected software configurations

Related information, measures and tools

No	URL	タグ
1	https://git.kernel.org/stable/c/fa58e23ea1359bd24b323916d191e2e9b4b19783	Patch
2	https://git.kernel.org/stable/c/03015b6329e6de42f03ec917c25c4cf944f81f66	Patch
3	https://git.kernel.org/stable/c/d10cd7bf574ead01fae140ce117a11bcdacbe6a8	Patch
4	https://git.kernel.org/stable/c/20c424bc475b2b2a6e0e2225d2aae095c2ab2f41	Patch
5	https://git.kernel.org/stable/c/64a90991ba8d4e32e3173ddd83d0b24167a5668c	Patch
6	https://git.kernel.org/stable/c/e232728242c4e98fb30e4c6bedb6ba8b482b6301	Patch
7	https://git.kernel.org/stable/c/2c439470b23d78095a0d2f923342df58b155f669	Patch
8	https://git.kernel.org/stable/c/6c151aeb6dc414db8f4daf51be072e802fae6667	Patch

Common Vulnerabilities List

JVN Vulnerability Information

Linux の Linux Kernel における脆弱性

Title	Linux の Linux Kernel における脆弱性
Summary	Linux の Linux Kernel には、不特定の脆弱性が存在します。
Possible impacts	サービス運用妨害 (DoS) 状態にされる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Oct. 16, 2024, midnight
Registration Date	Nov. 20, 2024, 12:25 p.m.
Last Update	Nov. 20, 2024, 12:25 p.m.

Affected System

Linux

Linux Kernel 2.6.12 以上 4.19.323 未満

Linux Kernel 4.20 以上 5.4.285 未満

Linux Kernel 5.11 以上 5.15.170 未満

Linux Kernel 5.16 以上 6.1.115 未満

Linux Kernel 5.5 以上 5.10.229 未満

Linux Kernel 6.12

Linux Kernel 6.2 以上 6.6.59 未満

Linux Kernel 6.7 以上 6.11.6 未満

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2024-50148	https://www.cve.org/CVERecord?id=CVE-2024-50148
National Vulnerability Database (NVD)
2	CVE-2024-50148	https://nvd.nist.gov/vuln/detail/CVE-2024-50148

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-noinfo	https://www.ipa.go.jp/security/vuln/scap/cwe.html

ベンダー情報

No	Name	URL
Kernel.org git repositories
1	Bluetooth: bnep: fix wild-memory-access in proto_unregister (03015b6)	https://git.kernel.org/stable/c/03015b6329e6de42f03ec917c25c4cf944f81f66
2	Bluetooth: bnep: fix wild-memory-access in proto_unregister (20c424b)	https://git.kernel.org/stable/c/20c424bc475b2b2a6e0e2225d2aae095c2ab2f41
3	Bluetooth: bnep: fix wild-memory-access in proto_unregister (2c43947)	https://git.kernel.org/stable/c/2c439470b23d78095a0d2f923342df58b155f669
4	Bluetooth: bnep: fix wild-memory-access in proto_unregister (64a9099)	https://git.kernel.org/stable/c/64a90991ba8d4e32e3173ddd83d0b24167a5668c
5	Bluetooth: bnep: fix wild-memory-access in proto_unregister (6c151ae)	https://git.kernel.org/stable/c/6c151aeb6dc414db8f4daf51be072e802fae6667
6	Bluetooth: bnep: fix wild-memory-access in proto_unregister (d10cd7b)	https://git.kernel.org/stable/c/d10cd7bf574ead01fae140ce117a11bcdacbe6a8
7	Bluetooth: bnep: fix wild-memory-access in proto_unregister (e232728)	https://git.kernel.org/stable/c/e232728242c4e98fb30e4c6bedb6ba8b482b6301
8	Bluetooth: bnep: fix wild-memory-access in proto_unregister (fa58e23)	https://git.kernel.org/stable/c/fa58e23ea1359bd24b323916d191e2e9b4b19783
Linux Kernel
9	Linux Kernel Archives	https://www.kernel.org

Change Log

No	Changed Details	Date of change
1	[2024年11月20日] 掲載	Nov. 20, 2024, 12:25 p.m.