CVE-2024-56604

Source: https://nvd.nist.gov/vuln/detail/CVE-2024-56604
Import Source: https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-56604.json
JSON Data: https://api.osv.dev/v1/vulns/CVE-2024-56604
Published: 2024-12-27T15:15:19Z
Modified: 2025-08-09T19:01:27Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary: [none]
Details

In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: RFCOMM: avoid leaving dangling sk pointer in rfcomm_sock_alloc()

bt_sock_alloc() attaches allocated sk object to the provided sock object. If rfcomm_dlc_alloc() fails, we release the sk object, but leave the dangling pointer in the sock object, which may cause use-after-free.

Fix this by swapping calls to bt_sock_alloc() and rfcomm_dlc_alloc().
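
The ordering problem described above, as an added user-space model (not kernel code and not part of the original advisory). The structs, the `model_*` helpers, `alloc_sk_first()`, `alloc_dlc_first()` and the slot pool are hypothetical stand-ins; the pool replaces real allocation so the stale pointer can be inspected safely.

```c
#include <stdbool.h>
#include <stdio.h>

/* User-space model: hypothetical stand-ins, not the kernel's definitions. */
struct sk   { bool live; };
struct sock { struct sk *sk; };      /* stands in for struct socket */

static struct sk sk_pool[4];         /* pool, not malloc/free: stale pointers stay inspectable */
static bool dlc_alloc_fails;         /* knob: force the dlc allocation failure path */
static bool model_dlc_alloc(void) { return !dlc_alloc_fails; }

/* As the advisory describes bt_sock_alloc(): allocate sk and attach it to sock. */
static struct sk *model_sk_alloc(struct sock *sock) {
    for (int i = 0; i < 4; i++)
        if (!sk_pool[i].live) {
            sk_pool[i].live = true;
            return sock->sk = &sk_pool[i];
        }
    return NULL;
}

/* Pre-fix order: sk attached first, then released when the dlc allocation fails. */
static int alloc_sk_first(struct sock *sock) {
    struct sk *sk = model_sk_alloc(sock);
    if (!sk)
        return -1;
    if (model_dlc_alloc())
        return 0;
    sk->live = false;                /* released, but sock->sk still points here */
    return -1;
}

/* Post-fix order: dlc first, so a dlc failure returns before sock is touched. */
static int alloc_dlc_first(struct sock *sock) {
    if (!model_dlc_alloc())
        return -1;
    return model_sk_alloc(sock) ? 0 : -1;
}

static bool sock_has_dangling_sk(const struct sock *sock) {
    return sock->sk && !sock->sk->live;
}

int main(void) {
    struct sock a = { NULL }, b = { NULL };
    dlc_alloc_fails = true;
    alloc_sk_first(&a);              /* a.sk is left pointing at a released slot */
    alloc_dlc_first(&b);             /* b.sk is never set */
    printf("%d %d\n", sock_has_dangling_sk(&a), sock_has_dangling_sk(&b));
    return 0;
}
```

Because the released slot goes back to the pool, a later successful allocation for a different socket receives the same object that the first socket still references, which is the aliasing that makes the stale pointer a use-after-free.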
