CVE-2024-42141

{"id": "CVE-2024-42141", "cveTags": [], "metrics": {}, "published": "2024-07-30T08:15:05.917", "references": [{"url": "https://git.kernel.org/stable/c/045669710464a21c67e690ef14698fd71857cb11", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/33fabef489169c6db87843ef23351ed0d5e51ad8", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/596b6f081336e77764ca35cfeab66d0fcdbe544e", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Awaiting Analysis", "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: ISO: Check socket flag instead of hcon\n\nThis fixes the following Smatch static checker warning:\n\nnet/bluetooth/iso.c:1364 iso_sock_recvmsg()\nerror: we previously assumed 'pi->conn->hcon' could be null (line 1359)\n\nnet/bluetooth/iso.c\n1347 static int iso_sock_recvmsg(struct socket *sock, struct msghdr *msg,\n1348 size_t len, int flags)\n1349 {\n1350 struct sock *sk = sock->sk;\n1351 struct iso_pinfo *pi = iso_pi(sk);\n1352\n1353 BT_DBG(\"sk %p\", sk);\n1354\n1355 if (test_and_clear_bit(BT_SK_DEFER_SETUP,\n &bt_sk(sk)->flags)) {\n1356 lock_sock(sk);\n1357 switch (sk->sk_state) {\n1358 case BT_CONNECT2:\n1359 if (pi->conn->hcon &&\n ^^^^^^^^^^^^^^ If ->hcon is NULL\n\n1360 test_bit(HCI_CONN_PA_SYNC,\n &pi->conn->hcon->flags)) {\n1361 iso_conn_big_sync(sk);\n1362 sk->sk_state = BT_LISTEN;\n1363 } else {\n--> 1364 iso_conn_defer_accept(pi->conn->hcon);\n ^^^^^^^^^^^^^^\n then we're toast\n\n1365 sk->sk_state = BT_CONFIG;\n1366 }\n1367 release_sock(sk);\n1368 return 0;\n1369 case BT_CONNECTED:\n1370 if (test_bit(BT_SK_PA_SYNC,"}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: Bluetooth: ISO: Verifique el indicador de socket en lugar de hcon. Esto corrige la siguiente advertencia del verificador est\u00e1tico de Smatch: net/bluetooth/iso.c:1364 iso_sock_recvmsg() error: previamente asumimos 'pi ->conn->hcon' podr\u00eda ser nulo (l\u00ednea 1359) net/bluetooth/iso.c 1347 static int iso_sock_recvmsg(struct socket *sock, struct msghdr *msg, 1348 size_t len, int flags) 1349 { 1350 struct sock *sk = calcet\u00edn->sk; 1351 estructura iso_pinfo *pi = iso_pi(sk); 1352 1353 BT_DBG(\"sk%p\",sk); 1354 1355 if (test_and_clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) { 1356 lock_sock(sk); 1357 interruptor (sk->sk_state) { 1358 caso BT_CONNECT2: 1359 si (pi->conn->hcon && ^^^^^^^^^^^^^^ Si ->hcon es NULL 1360 test_bit(HCI_CONN_PA_SYNC, &pi ->conn->hcon->flags)) { 1361 iso_conn_big_sync(sk); 1362 sk->sk_state = BT_LISTEN; 1363 } else { --> 1364 iso_conn_defer_accept(pi->conn->hcon); ^^^^^^^^^^^^^^ entonces estamos 1365 sk->sk_state = BT_CONFIG; 1366 } 1367 liberaci\u00f3n_sock(sk); 1368 devuelve 0; 1369 caso BT_CONNECTED: 1370 si (test_bit(BT_SK_PA_SYNC,"}], "lastModified": "2024-07-30T13:32:45.943", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}