CVE-2024-42132
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-42132
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-42132.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2024-42132
- Downstream
- Related
- Published
- 2024-07-30T08:15:05Z
- Modified
- 2025-08-09T19:01:27Z
- Severity
-
- 7.1 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
bluetooth/hci: disallow setting handle bigger than HCICONNHANDLE_MAX
Syzbot hit warning in hciconndel() caused by freeing handle that was not allocated using ida allocator.
This is caused by handle bigger than HCICONNHANDLEMAX passed by hcilebigsyncestablishedevt(), which makes code think it's unset connection.
Add same check for handle upper bound as in hciconnset_handle() to prevent warning.
- References