exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 13 of 13 RSS Feed

CVE-2024-27398

Status Candidate

Overview

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout When the sco connection is established and then, the sco socket is releasing, timeout_work will be scheduled to judge whether the sco disconnection is timeout. The sock will be deallocated later, but it is dereferenced again in sco_sock_timeout. As a result, the use-after-free bugs will happen. The root cause is shown below: Cleanup Thread | Worker Thread sco_sock_release | sco_sock_close | __sco_sock_close | sco_sock_set_timer | schedule_delayed_work | sco_sock_kill | (wait a time) sock_put(sk) //FREE | sco_sock_timeout | sock_hold(sk) //USE The KASAN report triggered by POC is shown below: [ 95.890016] ================================================================== [ 95.890496] BUG: KASAN: slab-use-after-free in sco_sock_timeout+0x5e/0x1c0 [ 95.890755] Write of size 4 at addr ffff88800c388080 by task kworker/0:0/7 ... [ 95.890755] Workqueue: events sco_sock_timeout [ 95.890755] Call Trace: [ 95.890755] <TASK> [ 95.890755] dump_stack_lvl+0x45/0x110 [ 95.890755] print_address_description+0x78/0x390 [ 95.890755] print_report+0x11b/0x250 [ 95.890755] ? __virt_addr_valid+0xbe/0xf0 [ 95.890755] ? sco_sock_timeout+0x5e/0x1c0 [ 95.890755] kasan_report+0x139/0x170 [ 95.890755] ? update_load_avg+0xe5/0x9f0 [ 95.890755] ? sco_sock_timeout+0x5e/0x1c0 [ 95.890755] kasan_check_range+0x2c3/0x2e0 [ 95.890755] sco_sock_timeout+0x5e/0x1c0 [ 95.890755] process_one_work+0x561/0xc50 [ 95.890755] worker_thread+0xab2/0x13c0 [ 95.890755] ? pr_cont_work+0x490/0x490 [ 95.890755] kthread+0x279/0x300 [ 95.890755] ? pr_cont_work+0x490/0x490 [ 95.890755] ? kthread_blkcg+0xa0/0xa0 [ 95.890755] ret_from_fork+0x34/0x60 [ 95.890755] ? kthread_blkcg+0xa0/0xa0 [ 95.890755] ret_from_fork_asm+0x11/0x20 [ 95.890755] </TASK> [ 95.890755] [ 95.890755] Allocated by task 506: [ 95.890755] kasan_save_track+0x3f/0x70 [ 95.890755] __kasan_kmalloc+0x86/0x90 [ 95.890755] __kmalloc+0x17f/0x360 [ 95.890755] sk_prot_alloc+0xe1/0x1a0 [ 95.890755] sk_alloc+0x31/0x4e0 [ 95.890755] bt_sock_alloc+0x2b/0x2a0 [ 95.890755] sco_sock_create+0xad/0x320 [ 95.890755] bt_sock_create+0x145/0x320 [ 95.890755] __sock_create+0x2e1/0x650 [ 95.890755] __sys_socket+0xd0/0x280 [ 95.890755] __x64_sys_socket+0x75/0x80 [ 95.890755] do_syscall_64+0xc4/0x1b0 [ 95.890755] entry_SYSCALL_64_after_hwframe+0x67/0x6f [ 95.890755] [ 95.890755] Freed by task 506: [ 95.890755] kasan_save_track+0x3f/0x70 [ 95.890755] kasan_save_free_info+0x40/0x50 [ 95.890755] poison_slab_object+0x118/0x180 [ 95.890755] __kasan_slab_free+0x12/0x30 [ 95.890755] kfree+0xb2/0x240 [ 95.890755] __sk_destruct+0x317/0x410 [ 95.890755] sco_sock_release+0x232/0x280 [ 95.890755] sock_close+0xb2/0x210 [ 95.890755] __fput+0x37f/0x770 [ 95.890755] task_work_run+0x1ae/0x210 [ 95.890755] get_signal+0xe17/0xf70 [ 95.890755] arch_do_signal_or_restart+0x3f/0x520 [ 95.890755] syscall_exit_to_user_mode+0x55/0x120 [ 95.890755] do_syscall_64+0xd1/0x1b0 [ 95.890755] entry_SYSCALL_64_after_hwframe+0x67/0x6f [ 95.890755] [ 95.890755] The buggy address belongs to the object at ffff88800c388000 [ 95.890755] which belongs to the cache kmalloc-1k of size 1024 [ 95.890755] The buggy address is located 128 bytes inside of [ 95.890755] freed 1024-byte region [ffff88800c388000, ffff88800c388400) [ 95.890755] [ 95.890755] The buggy address belongs to the physical page: [ 95.890755] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88800c38a800 pfn:0xc388 [ 95.890755] head: order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 95.890755] ano ---truncated---

Related Files

Kernel Live Patch Security Notice LSN-0107-1
Posted Nov 8, 2024
Authored by Benjamin M. Romer

A significant amount of vulnerabilities in the Linux kernel have been resolved that include use-after-free and race conditions.

tags | advisory, kernel, vulnerability
systems | linux
advisories | CVE-2024-26921, CVE-2024-26923, CVE-2024-26960, CVE-2024-27398, CVE-2024-38630
SHA-256 | 3c4aa657332e471e0afcc51d21aee6fff06e4a36546324a5192a3e9b2e276e14
Ubuntu Security Notice USN-6979-1
Posted Aug 22, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6979-1 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

tags | advisory, kernel
systems | linux, ubuntu
advisories | CVE-2021-47131, CVE-2022-48655, CVE-2022-48772, CVE-2023-52434, CVE-2023-52585, CVE-2023-52882, CVE-2024-26583, CVE-2024-26584, CVE-2024-26907, CVE-2024-27398, CVE-2024-27399, CVE-2024-27401, CVE-2024-31076, CVE-2024-33621
SHA-256 | 45181d380e756f99b4eeeafa375e2c8cc12259e016b7c9172bb138604b02156d
Ubuntu Security Notice USN-6951-4
Posted Aug 22, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6951-4 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

tags | advisory, kernel
systems | linux, ubuntu
advisories | CVE-2022-48674, CVE-2023-52434, CVE-2023-52752, CVE-2024-27398, CVE-2024-27401, CVE-2024-31076, CVE-2024-33621, CVE-2024-35947, CVE-2024-35976, CVE-2024-36014, CVE-2024-36015, CVE-2024-36286, CVE-2024-36883, CVE-2024-36886
SHA-256 | 2e3a6db3903dd7ff1828623ddc100aac2e91d93abaa3a75a243873864d1eb7e3
Ubuntu Security Notice USN-6951-3
Posted Aug 20, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6951-3 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

tags | advisory, kernel
systems | linux, ubuntu
advisories | CVE-2022-48674, CVE-2023-52434, CVE-2023-52752, CVE-2024-27398, CVE-2024-27401, CVE-2024-31076, CVE-2024-33621, CVE-2024-35947, CVE-2024-35976, CVE-2024-36014, CVE-2024-36015, CVE-2024-36286, CVE-2024-36883, CVE-2024-36886
SHA-256 | 8c1f01b0663bf22998e19385fae707029ea2e6973bc55394b2ca20ee8e51eff8
Ubuntu Security Notice USN-6951-2
Posted Aug 15, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6951-2 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

tags | advisory, kernel
systems | linux, ubuntu
advisories | CVE-2022-48674, CVE-2023-52434, CVE-2023-52752, CVE-2024-27398, CVE-2024-27401, CVE-2024-31076, CVE-2024-33621, CVE-2024-35947, CVE-2024-35976, CVE-2024-36014, CVE-2024-36015, CVE-2024-36286, CVE-2024-36883, CVE-2024-36886
SHA-256 | 40333bcb6bfcef7ef0b04b1f7dd14dc7bd1927d82916fa3e2c056ec935a480dd
Ubuntu Security Notice USN-6949-2
Posted Aug 14, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6949-2 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

tags | advisory, kernel
systems | linux, ubuntu
advisories | CVE-2023-52882, CVE-2024-27394, CVE-2024-27395, CVE-2024-27398, CVE-2024-27401, CVE-2024-35846, CVE-2024-35847, CVE-2024-35850, CVE-2024-35852, CVE-2024-35854, CVE-2024-35856, CVE-2024-35858, CVE-2024-35859, CVE-2024-35949
SHA-256 | cd80fe22658722af52da15543cf446c4bb8a4031831b20aed105f0e174f6fe35
Ubuntu Security Notice USN-6957-1
Posted Aug 13, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6957-1 - Benedict Schlüter, Supraja Sridhara, Andrin Bertschi, and Shweta Shinde discovered that an untrusted hypervisor could inject malicious #VC interrupts and compromise the security guarantees of AMD SEV-SNP. This flaw is known as WeSee. A local attacker in control of the hypervisor could use this to expose sensitive information or possibly execute arbitrary code in the trusted execution environment. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

tags | advisory, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2023-52585, CVE-2023-52752, CVE-2024-25742, CVE-2024-26886, CVE-2024-26900, CVE-2024-26936, CVE-2024-26952, CVE-2024-26980, CVE-2024-27398, CVE-2024-27401, CVE-2024-35848, CVE-2024-36017, CVE-2024-36031, CVE-2024-36880
SHA-256 | 1b6c671ad22c716b20a65f830f590ef38c4830f15665bdd63a827e4614b24266
Ubuntu Security Notice USN-6956-1
Posted Aug 13, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6956-1 - Benedict Schlüter, Supraja Sridhara, Andrin Bertschi, and Shweta Shinde discovered that an untrusted hypervisor could inject malicious #VC interrupts and compromise the security guarantees of AMD SEV-SNP. This flaw is known as WeSee. A local attacker in control of the hypervisor could use this to expose sensitive information or possibly execute arbitrary code in the trusted execution environment. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

tags | advisory, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2023-52585, CVE-2023-52882, CVE-2024-25742, CVE-2024-26886, CVE-2024-26900, CVE-2024-26980, CVE-2024-27017, CVE-2024-27398, CVE-2024-27401, CVE-2024-35848, CVE-2024-35947, CVE-2024-36016, CVE-2024-36017, CVE-2024-36883
SHA-256 | f464d432d9b36ce1075f907239578c853edeab79402ddca247833a78cc930be9
Ubuntu Security Notice USN-6955-1
Posted Aug 13, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6955-1 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

tags | advisory, kernel
systems | linux, ubuntu
advisories | CVE-2023-52882, CVE-2024-27396, CVE-2024-27398, CVE-2024-27399, CVE-2024-27401, CVE-2024-35846, CVE-2024-35847, CVE-2024-35850, CVE-2024-35852, CVE-2024-35854, CVE-2024-35858, CVE-2024-35947, CVE-2024-35949, CVE-2024-35983
SHA-256 | f52294c61eaa6af90fd8451686e8bc506a5d1b65dae9073f40211e6668f02be8
Ubuntu Security Notice USN-6953-1
Posted Aug 9, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6953-1 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

tags | advisory, kernel
systems | linux, ubuntu
advisories | CVE-2021-47131, CVE-2022-48655, CVE-2022-48674, CVE-2023-52434, CVE-2023-52882, CVE-2024-26583, CVE-2024-26907, CVE-2024-27398, CVE-2024-27401, CVE-2024-33621, CVE-2024-35976, CVE-2024-36016, CVE-2024-36017, CVE-2024-36270
SHA-256 | b1ed67fee33b4917c2d819ae313e1d458b7c4e2db993a5cf83d2ec6c6b54d6dd
Ubuntu Security Notice USN-6951-1
Posted Aug 9, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6951-1 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

tags | advisory, kernel
systems | linux, ubuntu
advisories | CVE-2022-48674, CVE-2023-52434, CVE-2023-52752, CVE-2024-27398, CVE-2024-27401, CVE-2024-31076, CVE-2024-33621, CVE-2024-35947, CVE-2024-35976, CVE-2024-36014, CVE-2024-36015, CVE-2024-36286, CVE-2024-36883, CVE-2024-36886
SHA-256 | 1b2472c9b386990fb946c9155e64b258ce63d178132ad4b837e17958bee5634b
Ubuntu Security Notice USN-6949-1
Posted Aug 9, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6949-1 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

tags | advisory, kernel
systems | linux, ubuntu
advisories | CVE-2023-52882, CVE-2024-27394, CVE-2024-27395, CVE-2024-27398, CVE-2024-27401, CVE-2024-35846, CVE-2024-35847, CVE-2024-35850, CVE-2024-35852, CVE-2024-35854, CVE-2024-35856, CVE-2024-35858, CVE-2024-35859, CVE-2024-35949
SHA-256 | 321410c5b4251ead308a6d0e8e636928b98e29f0e76f8570af6ff7cec4a63b09
Debian Security Advisory 5703-1
Posted Jun 3, 2024
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5703-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, debian
advisories | CVE-2022-48655, CVE-2023-52585, CVE-2023-52882, CVE-2024-26900, CVE-2024-27398, CVE-2024-27399, CVE-2024-27401, CVE-2024-35848, CVE-2024-35947, CVE-2024-36017, CVE-2024-36031, CVE-2024-36883, CVE-2024-36886, CVE-2024-36889
SHA-256 | 1476333bf5c1e2baed03920f541d970630980c5dab7ff43468471a8a13244d8e
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    0 Files
  • 12
    Nov 12th
    0 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close