CVE-2024-26886

{"id": "CVE-2024-26886", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2024-04-17T11:15:10.253", "references": [{"url": "https://git.kernel.org/stable/c/0625d7c240b307b78640dcd823cb738cb900a8ba", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/2c9e2df022ef8b9d7fac58a04a2ef4ed25288955", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/64be3c6154886200708da0dfe259705fb992416c", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/817e8138ce86001b2fa5c63d6ede756e205a01f7", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/cb8adca52f306563d958a863bb0cbae9c184d1ae", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/f7b94bdc1ec107c92262716b073b3e816d4784fb", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/2c9e2df022ef8b9d7fac58a04a2ef4ed25288955", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/64be3c6154886200708da0dfe259705fb992416c", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/817e8138ce86001b2fa5c63d6ede756e205a01f7", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/cb8adca52f306563d958a863bb0cbae9c184d1ae", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/f7b94bdc1ec107c92262716b073b3e816d4784fb", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-416"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: af_bluetooth: Fix deadlock\n\nAttemting to do sock_lock on .recvmsg may cause a deadlock as shown\nbellow, so instead of using sock_sock this uses sk_receive_queue.lock\non bt_sock_ioctl to avoid the UAF:\n\nINFO: task kworker/u9:1:121 blocked for more than 30 seconds.\n Not tainted 6.7.6-lemon #183\nWorkqueue: hci0 hci_rx_work\nCall Trace:\n <TASK>\n __schedule+0x37d/0xa00\n schedule+0x32/0xe0\n __lock_sock+0x68/0xa0\n ? __pfx_autoremove_wake_function+0x10/0x10\n lock_sock_nested+0x43/0x50\n l2cap_sock_recv_cb+0x21/0xa0\n l2cap_recv_frame+0x55b/0x30a0\n ? psi_task_switch+0xeb/0x270\n ? finish_task_switch.isra.0+0x93/0x2a0\n hci_rx_work+0x33a/0x3f0\n process_one_work+0x13a/0x2f0\n worker_thread+0x2f0/0x410\n ? __pfx_worker_thread+0x10/0x10\n kthread+0xe0/0x110\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x2c/0x50\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1b/0x30\n </TASK>"}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: Bluetooth: af_bluetooth: Reparar interbloqueo Intentar ejecutar sock_lock en .recvmsg puede causar un interbloqueo como se muestra a continuaci\u00f3n, por lo que en lugar de usar sock_sock, usa sk_receive_queue.lock en bt_sock_ioctl para evitar el UAF: INFORMACI\u00d3N: tarea kworker/u9:1:121 bloqueada durante m\u00e1s de 30 segundos. No contaminado 6.7.6-lemon #183 Cola de trabajo: hci0 hci_rx_work Seguimiento de llamadas: __schedule+0x37d/0xa00 Schedule+0x32/0xe0 __lock_sock+0x68/0xa0 ? __pfx_autoremove_wake_function+0x10/0x10 lock_sock_nested+0x43/0x50 l2cap_sock_recv_cb+0x21/0xa0 l2cap_recv_frame+0x55b/0x30a0 ? psi_task_switch+0xeb/0x270? terminar_task_switch.isra.0+0x93/0x2a0 hci_rx_work+0x33a/0x3f0 proceso_one_work+0x13a/0x2f0 trabajador_thread+0x2f0/0x410 ? __pfx_worker_thread+0x10/0x10 kthread+0xe0/0x110 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x2c/0x50 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1b/0x30 "}], "lastModified": "2024-12-04T18:15:13.987", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}