CVE-2024-42132

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-42132
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-42132.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-42132
Published
2024-07-30T08:15:05Z
Modified
2025-08-09T19:01:27Z
Severity
  • 7.1 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

bluetooth/hci: disallow setting handle bigger than HCI_CONN_HANDLE_MAX

Syzbot hit warning in hci_conn_del() caused by freeing handle that was not allocated using ida allocator.

This is caused by handle bigger than HCI_CONN_HANDLE_MAX passed by hci_le_big_sync_established_evt(), which makes code think it's unset connection.

Add same check for handle upper bound as in hci_conn_set_handle() to prevent warning.

References

Affected packages