CVE-2024-50125

HIGH EPSS 13.7%
Published Nov 5, 20241y ago · Modified Jun 17, 20262w ago
7.8 CVSS 3.1
High
Find Similar
Published Nov 5, 2024 1y ago
Last Modified Jun 17, 2026 2w ago

Description

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: SCO: Fix UAF on sco_sock_timeout conn->sk maybe have been unlinked/freed while waiting for sco_conn_lock so this checks if the conn->sk is still valid by checking if it part of sco_sk_list.

CVSS Details

Base Score
7.8
Exploitability
1.8
Impact
5.9
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High

Threat Intelligence

EPSS Exploit Probability
13.7% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-416 Use After Free Memory Safety

Affected Products 13

VendorProductVersionRange
linuxlinux_kernel*≥5.15  –  <6.1.115
linuxlinux_kernel*≥6.2  –  <6.6.59
linuxlinux_kernel*≥6.7  –  <6.11.6
linuxlinux_kernel4.14.263any
linuxlinux_kernel4.19.207any
linuxlinux_kernel5.4.148any
linuxlinux_kernel5.10.67any
linuxlinux_kernel5.13.19any
linuxlinux_kernel5.14.6any
linuxlinux_kernel6.12any
linuxlinux_kernel6.12any
linuxlinux_kernel6.12any
linuxlinux_kernel6.12any

References 6

  • git.kernel.org https://git.kernel.org/stable/c/1bf4470a3939c678fb822073e9ea77a0560bc6bb
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/74a466a15731a754bcd8b5a83c126b5122e15a45
  • git.kernel.org https://git.kernel.org/stable/c/80b05fbfa998480fb3d5299d93eab946f51e9c36
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/9ddda5d967e84796e7df1b54a55f36b4b9f21079
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/d30803f6a972b5b9e26d1d43b583c7ec151de04b
    Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/1bf4470a3939c678fb822073e9ea77a0560bc6bb
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/80b05fbfa998480fb3d5299d93eab946f51e9c36
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/9ddda5d967e84796e7df1b54a55f36b4b9f21079
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/d30803f6a972b5b9e26d1d43b583c7ec151de04b
    Patch