CVE-2024-35966

Source
https://cve.org/CVERecord?id=CVE-2024-35966
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-35966.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-35966
Downstream
Related
Published
2024-05-20T09:41:55.838Z
Modified
2026-07-08T07:45:55.198041624Z
Summary
Bluetooth: RFCOMM: Fix not validating setsockopt user input
Details

In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: RFCOMM: Fix not validating setsockopt user input

syzbot reported rfcommsocksetsockopt_old() is copying data without checking user input length.

BUG: KASAN: slab-out-of-bounds in copyfromsockptroffset include/linux/sockptr.h:49 [inline] BUG: KASAN: slab-out-of-bounds in copyfromsockptr include/linux/sockptr.h:55 [inline] BUG: KASAN: slab-out-of-bounds in rfcommsocksetsockoptold net/bluetooth/rfcomm/sock.c:632 [inline] BUG: KASAN: slab-out-of-bounds in rfcommsocksetsockopt+0x893/0xa70 net/bluetooth/rfcomm/sock.c:673 Read of size 4 at addr ffff8880209a8bc3 by task syz-executor632/5064

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/35xxx/CVE-2024-35966.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
bb23c0ab824653be4aa7dfca15b07b3059717004
Fixed
d072ea24748189cd8f4a9c3f585ca9af073a0838
Fixed
00767fbd67af70d7a550caa5b12d9515fa978bab
Fixed
eea40d33bf936a5c7fb03c190e61e0cfee00e872
Fixed
4ea65e2095e9bd151d0469328dd7fc2858feb546
Fixed
c3f787a3eafe519c93df9abbb0ca5145861c8d0f
Fixed
a97de7bff13b1cc825c1b1344eaed8d6c2d3e695

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-35966.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.6.30
Fixed
5.10.234
Type
ECOSYSTEM
Events
Introduced
5.11.0
Fixed
5.15.178
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
6.1.107
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.47
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.8.7

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-35966.json"