CVE-2024-26801 - Vulnerability Details

Vendors	Products
Linux	Linux Kernel
Redhat	Enterprise Linux Rhel Aus Rhel E4s Rhel Eus Rhel Tus

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 8
kernel-rt-0:4.18.0-553.8.1.rt7.349.el8_10	cpe:/a:redhat:enterprise_linux:8::nfv	RHSA-2024:4352	2024-07-08T00:00:00Z
kernel-0:4.18.0-553.8.1.el8_10	cpe:/o:redhat:enterprise_linux:8	RHSA-2024:4211	2024-07-02T00:00:00Z
Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
kernel-0:4.18.0-372.111.1.el8_6	cpe:/o:redhat:rhel_aus:8.6	RHSA-2024:4447	2024-07-10T00:00:00Z
Red Hat Enterprise Linux 8.6 Telecommunications Update Service
kernel-0:4.18.0-372.111.1.el8_6	cpe:/o:redhat:rhel_tus:8.6	RHSA-2024:4447	2024-07-10T00:00:00Z
Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
kernel-0:4.18.0-372.111.1.el8_6	cpe:/o:redhat:rhel_e4s:8.6	RHSA-2024:4447	2024-07-10T00:00:00Z
Red Hat Enterprise Linux 8.8 Extended Update Support
kernel-0:4.18.0-477.64.1.el8_8	cpe:/o:redhat:rhel_eus:8.8	RHSA-2024:4740	2024-07-23T00:00:00Z
Red Hat Enterprise Linux 9
kernel-0:5.14.0-427.24.1.el9_4	cpe:/a:redhat:enterprise_linux:9	RHSA-2024:4349	2024-07-08T00:00:00Z
kernel-0:5.14.0-427.24.1.el9_4	cpe:/o:redhat:enterprise_linux:9	RHSA-2024:4349	2024-07-08T00:00:00Z
Red Hat Enterprise Linux 9.2 Extended Update Support
kernel-0:5.14.0-284.73.1.el9_2	cpe:/a:redhat:rhel_eus:9.2	RHSA-2024:4533	2024-07-15T00:00:00Z
kernel-rt-0:5.14.0-284.73.1.rt14.358.el9_2	cpe:/a:redhat:rhel_eus:9.2::nfv	RHSA-2024:4554	2024-07-15T00:00:00Z

Link	Providers
https://git.kernel.org/stable/c/2449007d3f73b2842c9734f45f0aadb522daf592
https://git.kernel.org/stable/c/2ab9a19d896f5a0dd386e1f001c5309bc35f433b
https://git.kernel.org/stable/c/45085686b9559bfbe3a4f41d3d695a520668f5e1
https://git.kernel.org/stable/c/6dd0a9dfa99f8990a08eb8fdd8e79bee31c7d8e2
https://git.kernel.org/stable/c/98fb98fd37e42fd4ce13ff657ea64503e24b6090
https://git.kernel.org/stable/c/da4569d450b193e39e87119fd316c0291b585d14
https://git.kernel.org/stable/c/dd594cdc24f2e48dab441732e6dfcafd6b0711d1
https://git.kernel.org/stable/c/e0b278650f07acf2e0932149183458468a731c03
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html
https://lore.kernel.org/linux-cve-announce/2024040403-CVE-2024-26801-da9f@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2024-26801
https://www.cve.org/CVERecord?id=CVE-2024-26801

Type	Values Removed	Values Added
First Time appeared		Linux Linux linux Kernel
Weaknesses		CWE-416
CPEs		cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:6.8:rc1:::::: cpe:2.3:o:linux:linux_kernel:6.8:rc2:::::: cpe:2.3:o:linux:linux_kernel:6.8:rc3:::::: cpe:2.3:o:linux:linux_kernel:6.8:rc4:::::: cpe:2.3:o:linux:linux_kernel:6.8:rc5:::::: cpe:2.3:o:linux:linux_kernel:6.8:rc6::::::
Vendors & Products		Linux Linux linux Kernel

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Show plain JSON

{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2024-26801", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-02-19T14:20:24.179Z", "datePublished": "2024-04-04T08:20:29.211Z", "dateUpdated": "2025-05-04T08:56:52.344Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T08:56:52.344Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: Avoid potential use-after-free in hci_error_reset\n\nWhile handling the HCI_EV_HARDWARE_ERROR event, if the underlying\nBT controller is not responding, the GPIO reset mechanism would\nfree the hci_dev and lead to a use-after-free in hci_error_reset.\n\nHere's the call trace observed on a ChromeOS device with Intel AX201:\n   queue_work_on+0x3e/0x6c\n   __hci_cmd_sync_sk+0x2ee/0x4c0 [bluetooth <HASH:3b4a6>]\n   ? init_wait_entry+0x31/0x31\n   __hci_cmd_sync+0x16/0x20 [bluetooth <HASH:3b4a 6>]\n   hci_error_reset+0x4f/0xa4 [bluetooth <HASH:3b4a 6>]\n   process_one_work+0x1d8/0x33f\n   worker_thread+0x21b/0x373\n   kthread+0x13a/0x152\n   ? pr_cont_work+0x54/0x54\n   ? kthread_blkcg+0x31/0x31\n    ret_from_fork+0x1f/0x30\n\nThis patch holds the reference count on the hci_dev while processing\na HCI_EV_HARDWARE_ERROR event to avoid potential crash."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/bluetooth/hci_core.c"], "versions": [{"version": "c7741d16a57cbf97eebe53f27e8216b1ff20e20c", "lessThan": "e0b278650f07acf2e0932149183458468a731c03", "status": "affected", "versionType": "git"}, {"version": "c7741d16a57cbf97eebe53f27e8216b1ff20e20c", "lessThan": "98fb98fd37e42fd4ce13ff657ea64503e24b6090", "status": "affected", "versionType": "git"}, {"version": "c7741d16a57cbf97eebe53f27e8216b1ff20e20c", "lessThan": "6dd0a9dfa99f8990a08eb8fdd8e79bee31c7d8e2", "status": "affected", "versionType": "git"}, {"version": "c7741d16a57cbf97eebe53f27e8216b1ff20e20c", "lessThan": "da4569d450b193e39e87119fd316c0291b585d14", "status": "affected", "versionType": "git"}, {"version": "c7741d16a57cbf97eebe53f27e8216b1ff20e20c", "lessThan": "45085686b9559bfbe3a4f41d3d695a520668f5e1", "status": "affected", "versionType": "git"}, {"version": "c7741d16a57cbf97eebe53f27e8216b1ff20e20c", "lessThan": "2ab9a19d896f5a0dd386e1f001c5309bc35f433b", "status": "affected", "versionType": "git"}, {"version": "c7741d16a57cbf97eebe53f27e8216b1ff20e20c", "lessThan": "dd594cdc24f2e48dab441732e6dfcafd6b0711d1", "status": "affected", "versionType": "git"}, {"version": "c7741d16a57cbf97eebe53f27e8216b1ff20e20c", "lessThan": "2449007d3f73b2842c9734f45f0aadb522daf592", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/bluetooth/hci_core.c"], "versions": [{"version": "4.0", "status": "affected"}, {"version": "0", "lessThan": "4.0", "status": "unaffected", "versionType": "semver"}, {"version": "4.19.309", "lessThanOrEqual": "4.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.271", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.212", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.151", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.81", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.21", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.7.9", "lessThanOrEqual": "6.7.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.8", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.0", "versionEndExcluding": "4.19.309"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.0", "versionEndExcluding": "5.4.271"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.0", "versionEndExcluding": "5.10.212"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.0", "versionEndExcluding": "5.15.151"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.0", "versionEndExcluding": "6.1.81"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.0", "versionEndExcluding": "6.6.21"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.0", "versionEndExcluding": "6.7.9"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.0", "versionEndExcluding": "6.8"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/e0b278650f07acf2e0932149183458468a731c03"}, {"url": "https://git.kernel.org/stable/c/98fb98fd37e42fd4ce13ff657ea64503e24b6090"}, {"url": "https://git.kernel.org/stable/c/6dd0a9dfa99f8990a08eb8fdd8e79bee31c7d8e2"}, {"url": "https://git.kernel.org/stable/c/da4569d450b193e39e87119fd316c0291b585d14"}, {"url": "https://git.kernel.org/stable/c/45085686b9559bfbe3a4f41d3d695a520668f5e1"}, {"url": "https://git.kernel.org/stable/c/2ab9a19d896f5a0dd386e1f001c5309bc35f433b"}, {"url": "https://git.kernel.org/stable/c/dd594cdc24f2e48dab441732e6dfcafd6b0711d1"}, {"url": "https://git.kernel.org/stable/c/2449007d3f73b2842c9734f45f0aadb522daf592"}], "title": "Bluetooth: Avoid potential use-after-free in hci_error_reset", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:14:13.522Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/e0b278650f07acf2e0932149183458468a731c03", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/98fb98fd37e42fd4ce13ff657ea64503e24b6090", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/6dd0a9dfa99f8990a08eb8fdd8e79bee31c7d8e2", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/da4569d450b193e39e87119fd316c0291b585d14", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/45085686b9559bfbe3a4f41d3d695a520668f5e1", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/2ab9a19d896f5a0dd386e1f001c5309bc35f433b", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/dd594cdc24f2e48dab441732e6dfcafd6b0711d1", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/2449007d3f73b2842c9734f45f0aadb522daf592", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-08-15T19:27:12.303916Z", "id": "CVE-2024-26801", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-15T19:27:19.532Z"}}]}, "dataVersion": "5.1"}

{

dataType : CVE_RECORD (string)

cveMetadata : { »

cveId : CVE-2024-26801 (string)

assignerOrgId : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

state : PUBLISHED (string)

assignerShortName : Linux (string)

dateReserved : 2024-02-19T14:20:24.179Z (string)

datePublished : 2024-04-04T08:20:29.211Z (string)

dateUpdated : 2025-05-04T08:56:52.344Z (string)

}

containers : { »

cna : { »

providerMetadata : { »

orgId : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

shortName : Linux (string)

dateUpdated : 2025-05-04T08:56:52.344Z (string)

}

descriptions : [ »

0 : { »

lang : en (string)

value : In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Avoid potential use-after-free in hci_error_reset While handling the HCI_EV_HARDWARE_ERROR event, if the underlying BT controller is not responding, the GPIO reset mechanism would free the hci_dev and lead to a use-after-free in hci_error_reset. Here's the call trace observed on a ChromeOS device with Intel AX201: queue_work_on+0x3e/0x6c __hci_cmd_sync_sk+0x2ee/0x4c0 [bluetooth <HASH:3b4a6>] ? init_wait_entry+0x31/0x31 __hci_cmd_sync+0x16/0x20 [bluetooth <HASH:3b4a 6>] hci_error_reset+0x4f/0xa4 [bluetooth <HASH:3b4a 6>] process_one_work+0x1d8/0x33f worker_thread+0x21b/0x373 kthread+0x13a/0x152 ? pr_cont_work+0x54/0x54 ? kthread_blkcg+0x31/0x31 ret_from_fork+0x1f/0x30 This patch holds the reference count on the hci_dev while processing a HCI_EV_HARDWARE_ERROR event to avoid potential crash. (string)

}

]

affected : [ »

0 : { »

product : Linux (string)

vendor : Linux (string)

defaultStatus : unaffected (string)

repo : https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git (string)

programFiles : [ »

0 : net/bluetooth/hci_core.c (string)

]

versions : [ »

0 : { »

version : c7741d16a57cbf97eebe53f27e8216b1ff20e20c (string)

lessThan : e0b278650f07acf2e0932149183458468a731c03 (string)

status : affected (string)

versionType : git (string)

}

1 : { »

version : c7741d16a57cbf97eebe53f27e8216b1ff20e20c (string)

lessThan : 98fb98fd37e42fd4ce13ff657ea64503e24b6090 (string)

status : affected (string)

versionType : git (string)

}

2 : { »

version : c7741d16a57cbf97eebe53f27e8216b1ff20e20c (string)

lessThan : 6dd0a9dfa99f8990a08eb8fdd8e79bee31c7d8e2 (string)

status : affected (string)

versionType : git (string)

}

3 : { »

version : c7741d16a57cbf97eebe53f27e8216b1ff20e20c (string)

lessThan : da4569d450b193e39e87119fd316c0291b585d14 (string)

status : affected (string)

versionType : git (string)

}

4 : { »

version : c7741d16a57cbf97eebe53f27e8216b1ff20e20c (string)

lessThan : 45085686b9559bfbe3a4f41d3d695a520668f5e1 (string)

status : affected (string)

versionType : git (string)

}

5 : { »

version : c7741d16a57cbf97eebe53f27e8216b1ff20e20c (string)

lessThan : 2ab9a19d896f5a0dd386e1f001c5309bc35f433b (string)

status : affected (string)

versionType : git (string)

}

6 : { »

version : c7741d16a57cbf97eebe53f27e8216b1ff20e20c (string)

lessThan : dd594cdc24f2e48dab441732e6dfcafd6b0711d1 (string)

status : affected (string)

versionType : git (string)

}

7 : { »

version : c7741d16a57cbf97eebe53f27e8216b1ff20e20c (string)

lessThan : 2449007d3f73b2842c9734f45f0aadb522daf592 (string)

status : affected (string)

versionType : git (string)

}

]

}

1 : { »

product : Linux (string)

vendor : Linux (string)

defaultStatus : affected (string)

repo : https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git (string)

programFiles : [ »

0 : net/bluetooth/hci_core.c (string)

]

versions : [ »

0 : { »

version : 4.0 (string)

status : affected (string)

}

1 : { »

version : 0 (string)

lessThan : 4.0 (string)

status : unaffected (string)

versionType : semver (string)

}

2 : { »

version : 4.19.309 (string)

lessThanOrEqual : 4.19.* (string)

status : unaffected (string)

versionType : semver (string)

}

3 : { »

version : 5.4.271 (string)

lessThanOrEqual : 5.4.* (string)

status : unaffected (string)

versionType : semver (string)

}

4 : { »

version : 5.10.212 (string)

lessThanOrEqual : 5.10.* (string)

status : unaffected (string)

versionType : semver (string)

}

5 : { »

version : 5.15.151 (string)

lessThanOrEqual : 5.15.* (string)

status : unaffected (string)

versionType : semver (string)

}

6 : { »

version : 6.1.81 (string)

lessThanOrEqual : 6.1.* (string)

status : unaffected (string)

versionType : semver (string)

}

7 : { »

version : 6.6.21 (string)

lessThanOrEqual : 6.6.* (string)

status : unaffected (string)

versionType : semver (string)

}

8 : { »

version : 6.7.9 (string)

lessThanOrEqual : 6.7.* (string)

status : unaffected (string)

versionType : semver (string)

}

9 : { »

version : 6.8 (string)

lessThanOrEqual : * (string)

status : unaffected (string)

versionType : original_commit_for_fix (string)

}

]

}

]

cpeApplicability : [ »

0 : { »

nodes : [ »

0 : { »

operator : OR (string)

negate : false (boolean)

cpeMatch : [ »

0 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

versionStartIncluding : 4.0 (string)

versionEndExcluding : 4.19.309 (string)

}

1 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

versionStartIncluding : 4.0 (string)

versionEndExcluding : 5.4.271 (string)

}

2 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

versionStartIncluding : 4.0 (string)

versionEndExcluding : 5.10.212 (string)

}

3 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

versionStartIncluding : 4.0 (string)

versionEndExcluding : 5.15.151 (string)

}

4 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

versionStartIncluding : 4.0 (string)

versionEndExcluding : 6.1.81 (string)

}

5 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

versionStartIncluding : 4.0 (string)

versionEndExcluding : 6.6.21 (string)

}

6 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

versionStartIncluding : 4.0 (string)

versionEndExcluding : 6.7.9 (string)

}

7 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

versionStartIncluding : 4.0 (string)

versionEndExcluding : 6.8 (string)

}

]

}

]

}

]

references : [ »

0 : { »

url : https://git.kernel.org/stable/c/e0b278650f07acf2e0932149183458468a731c03 (string)

}

1 : { »

url : https://git.kernel.org/stable/c/98fb98fd37e42fd4ce13ff657ea64503e24b6090 (string)

}

2 : { »

url : https://git.kernel.org/stable/c/6dd0a9dfa99f8990a08eb8fdd8e79bee31c7d8e2 (string)

}

3 : { »

url : https://git.kernel.org/stable/c/da4569d450b193e39e87119fd316c0291b585d14 (string)

}

4 : { »

url : https://git.kernel.org/stable/c/45085686b9559bfbe3a4f41d3d695a520668f5e1 (string)

}

5 : { »

url : https://git.kernel.org/stable/c/2ab9a19d896f5a0dd386e1f001c5309bc35f433b (string)

}

6 : { »

url : https://git.kernel.org/stable/c/dd594cdc24f2e48dab441732e6dfcafd6b0711d1 (string)

}

7 : { »

url : https://git.kernel.org/stable/c/2449007d3f73b2842c9734f45f0aadb522daf592 (string)

}

]

title : Bluetooth: Avoid potential use-after-free in hci_error_reset (string)

x_generator : { »

engine : bippy-1.2.0 (string)

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-02T00:14:13.522Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

url : https://git.kernel.org/stable/c/e0b278650f07acf2e0932149183458468a731c03 (string)

tags : [ »

0 : x_transferred (string)

]

}

1 : { »

url : https://git.kernel.org/stable/c/98fb98fd37e42fd4ce13ff657ea64503e24b6090 (string)

tags : [ »

0 : x_transferred (string)

]

}

2 : { »

url : https://git.kernel.org/stable/c/6dd0a9dfa99f8990a08eb8fdd8e79bee31c7d8e2 (string)

tags : [ »

0 : x_transferred (string)

]

}

3 : { »

url : https://git.kernel.org/stable/c/da4569d450b193e39e87119fd316c0291b585d14 (string)

tags : [ »

0 : x_transferred (string)

]

}

4 : { »

url : https://git.kernel.org/stable/c/45085686b9559bfbe3a4f41d3d695a520668f5e1 (string)

tags : [ »

0 : x_transferred (string)

]

}

5 : { »

url : https://git.kernel.org/stable/c/2ab9a19d896f5a0dd386e1f001c5309bc35f433b (string)

tags : [ »

0 : x_transferred (string)

]

}

6 : { »

url : https://git.kernel.org/stable/c/dd594cdc24f2e48dab441732e6dfcafd6b0711d1 (string)

tags : [ »

0 : x_transferred (string)

]

}

7 : { »

url : https://git.kernel.org/stable/c/2449007d3f73b2842c9734f45f0aadb522daf592 (string)

tags : [ »

0 : x_transferred (string)

]

}

8 : { »

url : https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html (string)

tags : [ »

0 : x_transferred (string)

]

}

9 : { »

url : https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html (string)

tags : [ »

0 : x_transferred (string)

]

}

]

}

1 : { »

metrics : [ »

0 : { »

other : { »

type : ssvc (string)

content : { »

timestamp : 2024-08-15T19:27:12.303916Z (string)

id : CVE-2024-26801 (string)

options : [ »

0 : { »

Exploitation : none (string)

}

1 : { »

Automatable : no (string)

}

2 : { »

Technical Impact : partial (string)

}

]

role : CISA Coordinator (string)

version : 2.0.3 (string)

}

]

title : CISA ADP Vulnrichment (string)

providerMetadata : { »

orgId : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

shortName : CISA-ADP (string)

dateUpdated : 2024-08-15T19:27:19.532Z (string)

}

]

}

dataVersion : 5.1 (string)

}

Show plain JSON

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/e0b278650f07acf2e0932149183458468a731c03", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/98fb98fd37e42fd4ce13ff657ea64503e24b6090", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/6dd0a9dfa99f8990a08eb8fdd8e79bee31c7d8e2", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/da4569d450b193e39e87119fd316c0291b585d14", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/45085686b9559bfbe3a4f41d3d695a520668f5e1", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/2ab9a19d896f5a0dd386e1f001c5309bc35f433b", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/dd594cdc24f2e48dab441732e6dfcafd6b0711d1", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/2449007d3f73b2842c9734f45f0aadb522daf592", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:14:13.522Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-26801", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-08-15T19:27:12.303916Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-15T19:27:16.874Z"}}], "cna": {"title": "Bluetooth: Avoid potential use-after-free in hci_error_reset", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "c7741d16a57cbf97eebe53f27e8216b1ff20e20c", "lessThan": "e0b278650f07acf2e0932149183458468a731c03", "versionType": "git"}, {"status": "affected", "version": "c7741d16a57cbf97eebe53f27e8216b1ff20e20c", "lessThan": "98fb98fd37e42fd4ce13ff657ea64503e24b6090", "versionType": "git"}, {"status": "affected", "version": "c7741d16a57cbf97eebe53f27e8216b1ff20e20c", "lessThan": "6dd0a9dfa99f8990a08eb8fdd8e79bee31c7d8e2", "versionType": "git"}, {"status": "affected", "version": "c7741d16a57cbf97eebe53f27e8216b1ff20e20c", "lessThan": "da4569d450b193e39e87119fd316c0291b585d14", "versionType": "git"}, {"status": "affected", "version": "c7741d16a57cbf97eebe53f27e8216b1ff20e20c", "lessThan": "45085686b9559bfbe3a4f41d3d695a520668f5e1", "versionType": "git"}, {"status": "affected", "version": "c7741d16a57cbf97eebe53f27e8216b1ff20e20c", "lessThan": "2ab9a19d896f5a0dd386e1f001c5309bc35f433b", "versionType": "git"}, {"status": "affected", "version": "c7741d16a57cbf97eebe53f27e8216b1ff20e20c", "lessThan": "dd594cdc24f2e48dab441732e6dfcafd6b0711d1", "versionType": "git"}, {"status": "affected", "version": "c7741d16a57cbf97eebe53f27e8216b1ff20e20c", "lessThan": "2449007d3f73b2842c9734f45f0aadb522daf592", "versionType": "git"}], "programFiles": ["net/bluetooth/hci_core.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "4.0"}, {"status": "unaffected", "version": "0", "lessThan": "4.0", "versionType": "semver"}, {"status": "unaffected", "version": "4.19.309", "versionType": "semver", "lessThanOrEqual": "4.19.*"}, {"status": "unaffected", "version": "5.4.271", "versionType": "semver", "lessThanOrEqual": "5.4.*"}, {"status": "unaffected", "version": "5.10.212", "versionType": "semver", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.15.151", "versionType": "semver", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.81", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.21", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.7.9", "versionType": "semver", "lessThanOrEqual": "6.7.*"}, {"status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["net/bluetooth/hci_core.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/e0b278650f07acf2e0932149183458468a731c03"}, {"url": "https://git.kernel.org/stable/c/98fb98fd37e42fd4ce13ff657ea64503e24b6090"}, {"url": "https://git.kernel.org/stable/c/6dd0a9dfa99f8990a08eb8fdd8e79bee31c7d8e2"}, {"url": "https://git.kernel.org/stable/c/da4569d450b193e39e87119fd316c0291b585d14"}, {"url": "https://git.kernel.org/stable/c/45085686b9559bfbe3a4f41d3d695a520668f5e1"}, {"url": "https://git.kernel.org/stable/c/2ab9a19d896f5a0dd386e1f001c5309bc35f433b"}, {"url": "https://git.kernel.org/stable/c/dd594cdc24f2e48dab441732e6dfcafd6b0711d1"}, {"url": "https://git.kernel.org/stable/c/2449007d3f73b2842c9734f45f0aadb522daf592"}], "x_generator": {"engine": "bippy-1.2.0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: Avoid potential use-after-free in hci_error_reset\n\nWhile handling the HCI_EV_HARDWARE_ERROR event, if the underlying\nBT controller is not responding, the GPIO reset mechanism would\nfree the hci_dev and lead to a use-after-free in hci_error_reset.\n\nHere's the call trace observed on a ChromeOS device with Intel AX201:\n   queue_work_on+0x3e/0x6c\n   __hci_cmd_sync_sk+0x2ee/0x4c0 [bluetooth <HASH:3b4a6>]\n   ? init_wait_entry+0x31/0x31\n   __hci_cmd_sync+0x16/0x20 [bluetooth <HASH:3b4a 6>]\n   hci_error_reset+0x4f/0xa4 [bluetooth <HASH:3b4a 6>]\n   process_one_work+0x1d8/0x33f\n   worker_thread+0x21b/0x373\n   kthread+0x13a/0x152\n   ? pr_cont_work+0x54/0x54\n   ? kthread_blkcg+0x31/0x31\n    ret_from_fork+0x1f/0x30\n\nThis patch holds the reference count on the hci_dev while processing\na HCI_EV_HARDWARE_ERROR event to avoid potential crash."}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "4.19.309", "versionStartIncluding": "4.0"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.4.271", "versionStartIncluding": "4.0"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.10.212", "versionStartIncluding": "4.0"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.15.151", "versionStartIncluding": "4.0"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.1.81", "versionStartIncluding": "4.0"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.6.21", "versionStartIncluding": "4.0"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.7.9", "versionStartIncluding": "4.0"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.8", "versionStartIncluding": "4.0"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T08:56:52.344Z"}}}, "cveMetadata": {"cveId": "CVE-2024-26801", "state": "PUBLISHED", "dateUpdated": "2025-05-04T08:56:52.344Z", "dateReserved": "2024-02-19T14:20:24.179Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-04-04T08:20:29.211Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{

dataType : CVE_RECORD (string)

containers : { »

adp : [ »

0 : { »

title : CVE Program Container (string)

references : [ »

0 : { »

url : https://git.kernel.org/stable/c/e0b278650f07acf2e0932149183458468a731c03 (string)

tags : [ »

0 : x_transferred (string)

]

}

1 : { »

url : https://git.kernel.org/stable/c/98fb98fd37e42fd4ce13ff657ea64503e24b6090 (string)

tags : [ »

0 : x_transferred (string)

]

}

2 : { »

url : https://git.kernel.org/stable/c/6dd0a9dfa99f8990a08eb8fdd8e79bee31c7d8e2 (string)

tags : [ »

0 : x_transferred (string)

]

}

3 : { »

url : https://git.kernel.org/stable/c/da4569d450b193e39e87119fd316c0291b585d14 (string)

tags : [ »

0 : x_transferred (string)

]

}

4 : { »

url : https://git.kernel.org/stable/c/45085686b9559bfbe3a4f41d3d695a520668f5e1 (string)

tags : [ »

0 : x_transferred (string)

]

}

5 : { »

url : https://git.kernel.org/stable/c/2ab9a19d896f5a0dd386e1f001c5309bc35f433b (string)

tags : [ »

0 : x_transferred (string)

]

}

6 : { »

url : https://git.kernel.org/stable/c/dd594cdc24f2e48dab441732e6dfcafd6b0711d1 (string)

tags : [ »

0 : x_transferred (string)

]

}

7 : { »

url : https://git.kernel.org/stable/c/2449007d3f73b2842c9734f45f0aadb522daf592 (string)

tags : [ »

0 : x_transferred (string)

]

}

8 : { »

url : https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html (string)

tags : [ »

0 : x_transferred (string)

]

}

9 : { »

url : https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html (string)

tags : [ »

0 : x_transferred (string)

]

}

]

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-02T00:14:13.522Z (string)

}

1 : { »

title : CISA ADP Vulnrichment (string)

metrics : [ »

0 : { »

other : { »

type : ssvc (string)

content : { »

id : CVE-2024-26801 (string)

role : CISA Coordinator (string)

options : [ »

0 : { »

Exploitation : none (string)

}

1 : { »

Automatable : no (string)

}

2 : { »

Technical Impact : partial (string)

}

]

version : 2.0.3 (string)

timestamp : 2024-08-15T19:27:12.303916Z (string)

}

]

providerMetadata : { »

orgId : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

shortName : CISA-ADP (string)

dateUpdated : 2024-08-15T19:27:16.874Z (string)

}

]

cna : { »

title : Bluetooth: Avoid potential use-after-free in hci_error_reset (string)

affected : [ »

0 : { »

repo : https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git (string)

vendor : Linux (string)

product : Linux (string)

versions : [ »

0 : { »

status : affected (string)

version : c7741d16a57cbf97eebe53f27e8216b1ff20e20c (string)

lessThan : e0b278650f07acf2e0932149183458468a731c03 (string)

versionType : git (string)

}

1 : { »

status : affected (string)

version : c7741d16a57cbf97eebe53f27e8216b1ff20e20c (string)

lessThan : 98fb98fd37e42fd4ce13ff657ea64503e24b6090 (string)

versionType : git (string)

}

2 : { »

status : affected (string)

version : c7741d16a57cbf97eebe53f27e8216b1ff20e20c (string)

lessThan : 6dd0a9dfa99f8990a08eb8fdd8e79bee31c7d8e2 (string)

versionType : git (string)

}

3 : { »

status : affected (string)

version : c7741d16a57cbf97eebe53f27e8216b1ff20e20c (string)

lessThan : da4569d450b193e39e87119fd316c0291b585d14 (string)

versionType : git (string)

}

4 : { »

status : affected (string)

version : c7741d16a57cbf97eebe53f27e8216b1ff20e20c (string)

lessThan : 45085686b9559bfbe3a4f41d3d695a520668f5e1 (string)

versionType : git (string)

}

5 : { »

status : affected (string)

version : c7741d16a57cbf97eebe53f27e8216b1ff20e20c (string)

lessThan : 2ab9a19d896f5a0dd386e1f001c5309bc35f433b (string)

versionType : git (string)

}

6 : { »

status : affected (string)

version : c7741d16a57cbf97eebe53f27e8216b1ff20e20c (string)

lessThan : dd594cdc24f2e48dab441732e6dfcafd6b0711d1 (string)

versionType : git (string)

}

7 : { »

status : affected (string)

version : c7741d16a57cbf97eebe53f27e8216b1ff20e20c (string)

lessThan : 2449007d3f73b2842c9734f45f0aadb522daf592 (string)

versionType : git (string)

}

]

programFiles : [ »

0 : net/bluetooth/hci_core.c (string)

]

defaultStatus : unaffected (string)

}

1 : { »

repo : https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git (string)

vendor : Linux (string)

product : Linux (string)

versions : [ »

0 : { »

status : affected (string)

version : 4.0 (string)

}

1 : { »

status : unaffected (string)

version : 0 (string)

lessThan : 4.0 (string)

versionType : semver (string)

}

2 : { »

status : unaffected (string)

version : 4.19.309 (string)

versionType : semver (string)

lessThanOrEqual : 4.19.* (string)

}

3 : { »

status : unaffected (string)

version : 5.4.271 (string)

versionType : semver (string)

lessThanOrEqual : 5.4.* (string)

}

4 : { »

status : unaffected (string)

version : 5.10.212 (string)

versionType : semver (string)

lessThanOrEqual : 5.10.* (string)

}

5 : { »

status : unaffected (string)

version : 5.15.151 (string)

versionType : semver (string)

lessThanOrEqual : 5.15.* (string)

}

6 : { »

status : unaffected (string)

version : 6.1.81 (string)

versionType : semver (string)

lessThanOrEqual : 6.1.* (string)

}

7 : { »

status : unaffected (string)

version : 6.6.21 (string)

versionType : semver (string)

lessThanOrEqual : 6.6.* (string)

}

8 : { »

status : unaffected (string)

version : 6.7.9 (string)

versionType : semver (string)

lessThanOrEqual : 6.7.* (string)

}

9 : { »

status : unaffected (string)

version : 6.8 (string)

versionType : original_commit_for_fix (string)

lessThanOrEqual : * (string)

}

]

programFiles : [ »

0 : net/bluetooth/hci_core.c (string)

]

defaultStatus : affected (string)

}

]

references : [ »

0 : { »

url : https://git.kernel.org/stable/c/e0b278650f07acf2e0932149183458468a731c03 (string)

}

1 : { »

url : https://git.kernel.org/stable/c/98fb98fd37e42fd4ce13ff657ea64503e24b6090 (string)

}

2 : { »

url : https://git.kernel.org/stable/c/6dd0a9dfa99f8990a08eb8fdd8e79bee31c7d8e2 (string)

}

3 : { »

url : https://git.kernel.org/stable/c/da4569d450b193e39e87119fd316c0291b585d14 (string)

}

4 : { »

url : https://git.kernel.org/stable/c/45085686b9559bfbe3a4f41d3d695a520668f5e1 (string)

}

5 : { »

url : https://git.kernel.org/stable/c/2ab9a19d896f5a0dd386e1f001c5309bc35f433b (string)

}

6 : { »

url : https://git.kernel.org/stable/c/dd594cdc24f2e48dab441732e6dfcafd6b0711d1 (string)

}

7 : { »

url : https://git.kernel.org/stable/c/2449007d3f73b2842c9734f45f0aadb522daf592 (string)

}

]

x_generator : { »

engine : bippy-1.2.0 (string)

}

descriptions : [ »

0 : { »

lang : en (string)

value : In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Avoid potential use-after-free in hci_error_reset While handling the HCI_EV_HARDWARE_ERROR event, if the underlying BT controller is not responding, the GPIO reset mechanism would free the hci_dev and lead to a use-after-free in hci_error_reset. Here's the call trace observed on a ChromeOS device with Intel AX201: queue_work_on+0x3e/0x6c __hci_cmd_sync_sk+0x2ee/0x4c0 [bluetooth <HASH:3b4a6>] ? init_wait_entry+0x31/0x31 __hci_cmd_sync+0x16/0x20 [bluetooth <HASH:3b4a 6>] hci_error_reset+0x4f/0xa4 [bluetooth <HASH:3b4a 6>] process_one_work+0x1d8/0x33f worker_thread+0x21b/0x373 kthread+0x13a/0x152 ? pr_cont_work+0x54/0x54 ? kthread_blkcg+0x31/0x31 ret_from_fork+0x1f/0x30 This patch holds the reference count on the hci_dev while processing a HCI_EV_HARDWARE_ERROR event to avoid potential crash. (string)

}

]

cpeApplicability : [ »

0 : { »

nodes : [ »

0 : { »

negate : false (boolean)

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

vulnerable : true (boolean)

versionEndExcluding : 4.19.309 (string)

versionStartIncluding : 4.0 (string)

}

1 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

vulnerable : true (boolean)

versionEndExcluding : 5.4.271 (string)

versionStartIncluding : 4.0 (string)

}

2 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

vulnerable : true (boolean)

versionEndExcluding : 5.10.212 (string)

versionStartIncluding : 4.0 (string)

}

3 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

vulnerable : true (boolean)

versionEndExcluding : 5.15.151 (string)

versionStartIncluding : 4.0 (string)

}

4 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

vulnerable : true (boolean)

versionEndExcluding : 6.1.81 (string)

versionStartIncluding : 4.0 (string)

}

5 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

vulnerable : true (boolean)

versionEndExcluding : 6.6.21 (string)

versionStartIncluding : 4.0 (string)

}

6 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

vulnerable : true (boolean)

versionEndExcluding : 6.7.9 (string)

versionStartIncluding : 4.0 (string)

}

7 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

vulnerable : true (boolean)

versionEndExcluding : 6.8 (string)

versionStartIncluding : 4.0 (string)

}

]

operator : OR (string)

}

]

}

]

providerMetadata : { »

orgId : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

shortName : Linux (string)

dateUpdated : 2025-05-04T08:56:52.344Z (string)

}

cveMetadata : { »

cveId : CVE-2024-26801 (string)

state : PUBLISHED (string)

dateUpdated : 2025-05-04T08:56:52.344Z (string)

dateReserved : 2024-02-19T14:20:24.179Z (string)

assignerOrgId : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

datePublished : 2024-04-04T08:20:29.211Z (string)

assignerShortName : Linux (string)

}

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "CF2CC731-FB5F-4BC2-8534-444E3A0DBB80", "versionEndExcluding": "4.19.309", "versionStartIncluding": "4.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "7BE17E30-58A5-468C-A06E-28C355F4F8DD", "versionEndExcluding": "5.4.271", "versionStartIncluding": "4.20", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "01B34738-A022-44A9-9250-DCBC76539CB9", "versionEndExcluding": "5.10.212", "versionStartIncluding": "5.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "EEAFD33E-C22F-4FB1-A417-9C96AB3E0358", "versionEndExcluding": "5.15.151", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "EC825B0E-DFCA-4034-9B92-F111A4E2A732", "versionEndExcluding": "6.1.81", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "B19074A2-9FE5-4E7D-9E2D-020F95013ADA", "versionEndExcluding": "6.6.21", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "1C538467-EDA0-4A9A-82EB-2925DE9FF827", "versionEndExcluding": "6.7.9", "versionStartIncluding": "6.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc1:*:*:*:*:*:*", "matchCriteriaId": "B9F4EA73-0894-400F-A490-3A397AB7A517", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc2:*:*:*:*:*:*", "matchCriteriaId": "056BD938-0A27-4569-B391-30578B309EE3", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc3:*:*:*:*:*:*", "matchCriteriaId": "F02056A5-B362-4370-9FF8-6F0BD384D520", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc4:*:*:*:*:*:*", "matchCriteriaId": "62075ACE-B2A0-4B16-829D-B3DA5AE5CC41", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc5:*:*:*:*:*:*", "matchCriteriaId": "A780F817-2A77-4130-A9B7-5C25606314E3", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc6:*:*:*:*:*:*", "matchCriteriaId": "AEB9199B-AB8F-4877-8964-E2BA95B5F15C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: Avoid potential use-after-free in hci_error_reset\n\nWhile handling the HCI_EV_HARDWARE_ERROR event, if the underlying\nBT controller is not responding, the GPIO reset mechanism would\nfree the hci_dev and lead to a use-after-free in hci_error_reset.\n\nHere's the call trace observed on a ChromeOS device with Intel AX201:\n   queue_work_on+0x3e/0x6c\n   __hci_cmd_sync_sk+0x2ee/0x4c0 [bluetooth <HASH:3b4a6>]\n   ? init_wait_entry+0x31/0x31\n   __hci_cmd_sync+0x16/0x20 [bluetooth <HASH:3b4a 6>]\n   hci_error_reset+0x4f/0xa4 [bluetooth <HASH:3b4a 6>]\n   process_one_work+0x1d8/0x33f\n   worker_thread+0x21b/0x373\n   kthread+0x13a/0x152\n   ? pr_cont_work+0x54/0x54\n   ? kthread_blkcg+0x31/0x31\n    ret_from_fork+0x1f/0x30\n\nThis patch holds the reference count on the hci_dev while processing\na HCI_EV_HARDWARE_ERROR event to avoid potential crash."}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: Bluetooth: evite el posible use-after-free en hci_error_reset Mientras se maneja el evento HCI_EV_HARDWARE_ERROR, si el controlador BT subyacente no responde, el mecanismo de reinicio de GPIO liberar\u00eda hci_dev y provocar\u00eda un error. use-after-free en hci_error_reset. Este es el seguimiento de llamadas observado en un dispositivo ChromeOS con Intel AX201: queue_work_on+0x3e/0x6c __hci_cmd_sync_sk+0x2ee/0x4c0 [bluetooth ] ? init_wait_entry+0x31/0x31 __hci_cmd_sync+0x16/0x20 [bluetooth ] hci_error_reset+0x4f/0xa4 [bluetooth ] Process_one_work+0x1d8/0x33f trabajador_thread+0x21b/0x373 kthread+0x13a /0x152 ? pr_cont_work+0x54/0x54? kthread_blkcg+0x31/0x31 ret_from_fork+0x1f/0x30 Este parche mantiene el recuento de referencias en hci_dev mientras procesa un evento HCI_EV_HARDWARE_ERROR para evitar posibles fallas."}], "id": "CVE-2024-26801", "lastModified": "2024-12-20T15:52:36.293", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-04-04T09:15:09.050", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/2449007d3f73b2842c9734f45f0aadb522daf592"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/2ab9a19d896f5a0dd386e1f001c5309bc35f433b"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/45085686b9559bfbe3a4f41d3d695a520668f5e1"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/6dd0a9dfa99f8990a08eb8fdd8e79bee31c7d8e2"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/98fb98fd37e42fd4ce13ff657ea64503e24b6090"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/da4569d450b193e39e87119fd316c0291b585d14"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/dd594cdc24f2e48dab441732e6dfcafd6b0711d1"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/e0b278650f07acf2e0932149183458468a731c03"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/2449007d3f73b2842c9734f45f0aadb522daf592"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/2ab9a19d896f5a0dd386e1f001c5309bc35f433b"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/45085686b9559bfbe3a4f41d3d695a520668f5e1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/6dd0a9dfa99f8990a08eb8fdd8e79bee31c7d8e2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/98fb98fd37e42fd4ce13ff657ea64503e24b6090"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/da4569d450b193e39e87119fd316c0291b585d14"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/dd594cdc24f2e48dab441732e6dfcafd6b0711d1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/e0b278650f07acf2e0932149183458468a731c03"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

matchCriteriaId : CF2CC731-FB5F-4BC2-8534-444E3A0DBB80 (string)

versionEndExcluding : 4.19.309 (string)

versionStartIncluding : 4.0 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 7BE17E30-58A5-468C-A06E-28C355F4F8DD (string)

versionEndExcluding : 5.4.271 (string)

versionStartIncluding : 4.20 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 01B34738-A022-44A9-9250-DCBC76539CB9 (string)

versionEndExcluding : 5.10.212 (string)

versionStartIncluding : 5.5 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

matchCriteriaId : EEAFD33E-C22F-4FB1-A417-9C96AB3E0358 (string)

versionEndExcluding : 5.15.151 (string)

versionStartIncluding : 5.11 (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

matchCriteriaId : EC825B0E-DFCA-4034-9B92-F111A4E2A732 (string)

versionEndExcluding : 6.1.81 (string)

versionStartIncluding : 5.16 (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

matchCriteriaId : B19074A2-9FE5-4E7D-9E2D-020F95013ADA (string)

versionEndExcluding : 6.6.21 (string)

versionStartIncluding : 6.2 (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 1C538467-EDA0-4A9A-82EB-2925DE9FF827 (string)

versionEndExcluding : 6.7.9 (string)

versionStartIncluding : 6.7 (string)

vulnerable : true (boolean)

}

7 : { »

criteria : cpe:2.3:o:linux:linux_kernel:6.8:rc1:*:*:*:*:*:* (string)

matchCriteriaId : B9F4EA73-0894-400F-A490-3A397AB7A517 (string)

vulnerable : true (boolean)

}

8 : { »

criteria : cpe:2.3:o:linux:linux_kernel:6.8:rc2:*:*:*:*:*:* (string)

matchCriteriaId : 056BD938-0A27-4569-B391-30578B309EE3 (string)

vulnerable : true (boolean)

}

9 : { »

criteria : cpe:2.3:o:linux:linux_kernel:6.8:rc3:*:*:*:*:*:* (string)

matchCriteriaId : F02056A5-B362-4370-9FF8-6F0BD384D520 (string)

vulnerable : true (boolean)

}

10 : { »

criteria : cpe:2.3:o:linux:linux_kernel:6.8:rc4:*:*:*:*:*:* (string)

matchCriteriaId : 62075ACE-B2A0-4B16-829D-B3DA5AE5CC41 (string)

vulnerable : true (boolean)

}

11 : { »

criteria : cpe:2.3:o:linux:linux_kernel:6.8:rc5:*:*:*:*:*:* (string)

matchCriteriaId : A780F817-2A77-4130-A9B7-5C25606314E3 (string)

vulnerable : true (boolean)

}

12 : { »

criteria : cpe:2.3:o:linux:linux_kernel:6.8:rc6:*:*:*:*:*:* (string)

matchCriteriaId : AEB9199B-AB8F-4877-8964-E2BA95B5F15C (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

cveTags : [ *empty* ]

descriptions : [ »

0 : { »

lang : en (string)

value : In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Avoid potential use-after-free in hci_error_reset While handling the HCI_EV_HARDWARE_ERROR event, if the underlying BT controller is not responding, the GPIO reset mechanism would free the hci_dev and lead to a use-after-free in hci_error_reset. Here's the call trace observed on a ChromeOS device with Intel AX201: queue_work_on+0x3e/0x6c __hci_cmd_sync_sk+0x2ee/0x4c0 [bluetooth <HASH:3b4a6>] ? init_wait_entry+0x31/0x31 __hci_cmd_sync+0x16/0x20 [bluetooth <HASH:3b4a 6>] hci_error_reset+0x4f/0xa4 [bluetooth <HASH:3b4a 6>] process_one_work+0x1d8/0x33f worker_thread+0x21b/0x373 kthread+0x13a/0x152 ? pr_cont_work+0x54/0x54 ? kthread_blkcg+0x31/0x31 ret_from_fork+0x1f/0x30 This patch holds the reference count on the hci_dev while processing a HCI_EV_HARDWARE_ERROR event to avoid potential crash. (string)

}

1 : { »

lang : es (string)

value : En el kernel de Linux, se resolvió la siguiente vulnerabilidad: Bluetooth: evite el posible use-after-free en hci_error_reset Mientras se maneja el evento HCI_EV_HARDWARE_ERROR, si el controlador BT subyacente no responde, el mecanismo de reinicio de GPIO liberaría hci_dev y provocaría un error. use-after-free en hci_error_reset. Este es el seguimiento de llamadas observado en un dispositivo ChromeOS con Intel AX201: queue_work_on+0x3e/0x6c __hci_cmd_sync_sk+0x2ee/0x4c0 [bluetooth ] ? init_wait_entry+0x31/0x31 __hci_cmd_sync+0x16/0x20 [bluetooth ] hci_error_reset+0x4f/0xa4 [bluetooth ] Process_one_work+0x1d8/0x33f trabajador_thread+0x21b/0x373 kthread+0x13a /0x152 ? pr_cont_work+0x54/0x54? kthread_blkcg+0x31/0x31 ret_from_fork+0x1f/0x30 Este parche mantiene el recuento de referencias en hci_dev mientras procesa un evento HCI_EV_HARDWARE_ERROR para evitar posibles fallas. (string)

}

]

id : CVE-2024-26801 (string)

lastModified : 2024-12-20T15:52:36.293 (string)

metrics : { »

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : LOCAL (string)

availabilityImpact : HIGH (string)

baseScore : 5.5 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : NONE (string)

integrityImpact : NONE (string)

privilegesRequired : LOW (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (string)

version : 3.1 (string)

}

exploitabilityScore : 1.8 (number)

impactScore : 3.6 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2024-04-04T09:15:09.050 (string)

references : [ »

0 : { »

source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/2449007d3f73b2842c9734f45f0aadb522daf592 (string)

}

1 : { »

source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/2ab9a19d896f5a0dd386e1f001c5309bc35f433b (string)

}

2 : { »

source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/45085686b9559bfbe3a4f41d3d695a520668f5e1 (string)

}

3 : { »

source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/6dd0a9dfa99f8990a08eb8fdd8e79bee31c7d8e2 (string)

}

4 : { »

source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/98fb98fd37e42fd4ce13ff657ea64503e24b6090 (string)

}

5 : { »

source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/da4569d450b193e39e87119fd316c0291b585d14 (string)

}

6 : { »

source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/dd594cdc24f2e48dab441732e6dfcafd6b0711d1 (string)

}

7 : { »

source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/e0b278650f07acf2e0932149183458468a731c03 (string)

}

8 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/2449007d3f73b2842c9734f45f0aadb522daf592 (string)

}

9 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/2ab9a19d896f5a0dd386e1f001c5309bc35f433b (string)

}

10 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/45085686b9559bfbe3a4f41d3d695a520668f5e1 (string)

}

11 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/6dd0a9dfa99f8990a08eb8fdd8e79bee31c7d8e2 (string)

}

12 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/98fb98fd37e42fd4ce13ff657ea64503e24b6090 (string)

}

13 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/da4569d450b193e39e87119fd316c0291b585d14 (string)

}

14 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/dd594cdc24f2e48dab441732e6dfcafd6b0711d1 (string)

}

15 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/e0b278650f07acf2e0932149183458468a731c03 (string)

}

16 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

]

url : https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html (string)

}

17 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

]

url : https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html (string)

}

]

sourceIdentifier : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

vulnStatus : Analyzed (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-416 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Show plain JSON

{"affected_release": [{"advisory": "RHSA-2024:4352", "cpe": "cpe:/a:redhat:enterprise_linux:8::nfv", "package": "kernel-rt-0:4.18.0-553.8.1.rt7.349.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-07-08T00:00:00Z"}, {"advisory": "RHSA-2024:4211", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "kernel-0:4.18.0-553.8.1.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-07-02T00:00:00Z"}, {"advisory": "RHSA-2024:4447", "cpe": "cpe:/o:redhat:rhel_aus:8.6", "package": "kernel-0:4.18.0-372.111.1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", "release_date": "2024-07-10T00:00:00Z"}, {"advisory": "RHSA-2024:4447", "cpe": "cpe:/o:redhat:rhel_tus:8.6", "package": "kernel-0:4.18.0-372.111.1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", "release_date": "2024-07-10T00:00:00Z"}, {"advisory": "RHSA-2024:4447", "cpe": "cpe:/o:redhat:rhel_e4s:8.6", "package": "kernel-0:4.18.0-372.111.1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", "release_date": "2024-07-10T00:00:00Z"}, {"advisory": "RHSA-2024:4740", "cpe": "cpe:/o:redhat:rhel_eus:8.8", "package": "kernel-0:4.18.0-477.64.1.el8_8", "product_name": "Red Hat Enterprise Linux 8.8 Extended Update Support", "release_date": "2024-07-23T00:00:00Z"}, {"advisory": "RHSA-2024:4349", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-427.24.1.el9_4", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-07-08T00:00:00Z"}, {"advisory": "RHSA-2024:4349", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-427.24.1.el9_4", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-07-08T00:00:00Z"}, {"advisory": "RHSA-2024:4533", "cpe": "cpe:/a:redhat:rhel_eus:9.2", "package": "kernel-0:5.14.0-284.73.1.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2024-07-15T00:00:00Z"}, {"advisory": "RHSA-2024:4554", "cpe": "cpe:/a:redhat:rhel_eus:9.2::nfv", "package": "kernel-rt-0:5.14.0-284.73.1.rt14.358.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2024-07-15T00:00:00Z"}], "bugzilla": {"description": "kernel: Bluetooth: Avoid potential use-after-free in hci_error_reset", "id": "2273429", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2273429"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\nBluetooth: Avoid potential use-after-free in hci_error_reset\nWhile handling the HCI_EV_HARDWARE_ERROR event, if the underlying\nBT controller is not responding, the GPIO reset mechanism would\nfree the hci_dev and lead to a use-after-free in hci_error_reset.\nHere's the call trace observed on a ChromeOS device with Intel AX201:\nqueue_work_on+0x3e/0x6c\n__hci_cmd_sync_sk+0x2ee/0x4c0 [bluetooth <HASH:3b4a6>]\n? init_wait_entry+0x31/0x31\n__hci_cmd_sync+0x16/0x20 [bluetooth <HASH:3b4a 6>]\nhci_error_reset+0x4f/0xa4 [bluetooth <HASH:3b4a 6>]\nprocess_one_work+0x1d8/0x33f\nworker_thread+0x21b/0x373\nkthread+0x13a/0x152\n? pr_cont_work+0x54/0x54\n? kthread_blkcg+0x31/0x31\nret_from_fork+0x1f/0x30\nThis patch holds the reference count on the hci_dev while processing\na HCI_EV_HARDWARE_ERROR event to avoid potential crash.", "A use-after-free flaw was found in the Linux kernel\u2019s Bluetooth subsystem in how it handles hardware failure when it occurs. This flaw allows a local user to potentially crash the system."], "name": "CVE-2024-26801", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-04-04T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-26801\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-26801\nhttps://lore.kernel.org/linux-cve-announce/2024040403-CVE-2024-26801-da9f@gregkh/T"], "threat_severity": "Moderate"}

{

affected_release : [ »

0 : { »

advisory : RHSA-2024:4352 (string)

cpe : cpe:/a:redhat:enterprise_linux:8::nfv (string)

package : kernel-rt-0:4.18.0-553.8.1.rt7.349.el8_10 (string)

product_name : Red Hat Enterprise Linux 8 (string)

release_date : 2024-07-08T00:00:00Z (string)

}

1 : { »

advisory : RHSA-2024:4211 (string)

cpe : cpe:/o:redhat:enterprise_linux:8 (string)

package : kernel-0:4.18.0-553.8.1.el8_10 (string)

product_name : Red Hat Enterprise Linux 8 (string)

release_date : 2024-07-02T00:00:00Z (string)

}

2 : { »

advisory : RHSA-2024:4447 (string)

cpe : cpe:/o:redhat:rhel_aus:8.6 (string)

package : kernel-0:4.18.0-372.111.1.el8_6 (string)

product_name : Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support (string)

release_date : 2024-07-10T00:00:00Z (string)

}

3 : { »

advisory : RHSA-2024:4447 (string)

cpe : cpe:/o:redhat:rhel_tus:8.6 (string)

package : kernel-0:4.18.0-372.111.1.el8_6 (string)

product_name : Red Hat Enterprise Linux 8.6 Telecommunications Update Service (string)

release_date : 2024-07-10T00:00:00Z (string)

}

4 : { »

advisory : RHSA-2024:4447 (string)

cpe : cpe:/o:redhat:rhel_e4s:8.6 (string)

package : kernel-0:4.18.0-372.111.1.el8_6 (string)

product_name : Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions (string)

release_date : 2024-07-10T00:00:00Z (string)

}

5 : { »

advisory : RHSA-2024:4740 (string)

cpe : cpe:/o:redhat:rhel_eus:8.8 (string)

package : kernel-0:4.18.0-477.64.1.el8_8 (string)

product_name : Red Hat Enterprise Linux 8.8 Extended Update Support (string)

release_date : 2024-07-23T00:00:00Z (string)

}

6 : { »

advisory : RHSA-2024:4349 (string)

cpe : cpe:/a:redhat:enterprise_linux:9 (string)

package : kernel-0:5.14.0-427.24.1.el9_4 (string)

product_name : Red Hat Enterprise Linux 9 (string)

release_date : 2024-07-08T00:00:00Z (string)

}

7 : { »

advisory : RHSA-2024:4349 (string)

cpe : cpe:/o:redhat:enterprise_linux:9 (string)

package : kernel-0:5.14.0-427.24.1.el9_4 (string)

product_name : Red Hat Enterprise Linux 9 (string)

release_date : 2024-07-08T00:00:00Z (string)

}

8 : { »

advisory : RHSA-2024:4533 (string)

cpe : cpe:/a:redhat:rhel_eus:9.2 (string)

package : kernel-0:5.14.0-284.73.1.el9_2 (string)

product_name : Red Hat Enterprise Linux 9.2 Extended Update Support (string)

release_date : 2024-07-15T00:00:00Z (string)

}

9 : { »

advisory : RHSA-2024:4554 (string)

cpe : cpe:/a:redhat:rhel_eus:9.2::nfv (string)

package : kernel-rt-0:5.14.0-284.73.1.rt14.358.el9_2 (string)

product_name : Red Hat Enterprise Linux 9.2 Extended Update Support (string)

release_date : 2024-07-15T00:00:00Z (string)

}

]

bugzilla : { »

description : kernel: Bluetooth: Avoid potential use-after-free in hci_error_reset (string)

id : 2273429 (string)

url : https://bugzilla.redhat.com/show_bug.cgi?id=2273429 (string)

}

csaw : false (boolean)

cvss3 : { »

cvss3_base_score : 5.5 (string)

cvss3_scoring_vector : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (string)

status : verified (string)

}

details : [ »

0 : In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Avoid potential use-after-free in hci_error_reset While handling the HCI_EV_HARDWARE_ERROR event, if the underlying BT controller is not responding, the GPIO reset mechanism would free the hci_dev and lead to a use-after-free in hci_error_reset. Here's the call trace observed on a ChromeOS device with Intel AX201: queue_work_on+0x3e/0x6c __hci_cmd_sync_sk+0x2ee/0x4c0 [bluetooth <HASH:3b4a6>] ? init_wait_entry+0x31/0x31 __hci_cmd_sync+0x16/0x20 [bluetooth <HASH:3b4a 6>] hci_error_reset+0x4f/0xa4 [bluetooth <HASH:3b4a 6>] process_one_work+0x1d8/0x33f worker_thread+0x21b/0x373 kthread+0x13a/0x152 ? pr_cont_work+0x54/0x54 ? kthread_blkcg+0x31/0x31 ret_from_fork+0x1f/0x30 This patch holds the reference count on the hci_dev while processing a HCI_EV_HARDWARE_ERROR event to avoid potential crash. (string)

1 : A use-after-free flaw was found in the Linux kernel’s Bluetooth subsystem in how it handles hardware failure when it occurs. This flaw allows a local user to potentially crash the system. (string)

]

name : CVE-2024-26801 (string)

package_state : [ »

0 : { »

cpe : cpe:/o:redhat:enterprise_linux:6 (string)

fix_state : Out of support scope (string)

package_name : kernel (string)

product_name : Red Hat Enterprise Linux 6 (string)

}

1 : { »

cpe : cpe:/o:redhat:enterprise_linux:7 (string)

fix_state : Out of support scope (string)

package_name : kernel (string)

product_name : Red Hat Enterprise Linux 7 (string)

}

2 : { »

cpe : cpe:/o:redhat:enterprise_linux:7 (string)

fix_state : Out of support scope (string)

package_name : kernel-rt (string)

product_name : Red Hat Enterprise Linux 7 (string)

}

3 : { »

cpe : cpe:/o:redhat:enterprise_linux:9 (string)

fix_state : Affected (string)

package_name : kernel-rt (string)

product_name : Red Hat Enterprise Linux 9 (string)

}

]

public_date : 2024-04-04T00:00:00Z (string)

references : [ »

0 : https://www.cve.org/CVERecord?id=CVE-2024-26801 https://nvd.nist.gov/vuln/detail/CVE-2024-26801 https://lore.kernel.org/linux-cve-announce/2024040403-CVE-2024-26801-da9f@gregkh/T (string)

]

threat_severity : Moderate (string)

}

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object