Executive Summary
| Informations | |||
|---|---|---|---|
| Name | CVE-2024-56653 | First vendor Publication | 2024-12-27 |
| Vendor | Cve | Last vendor Modification | 2025-02-10 |
Security-Database Scoring CVSS v3
| Cvss vector : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | |||
|---|---|---|---|
| Overall CVSS Score | 7.8 | ||
| Base Score | 7.8 | Environmental Score | 7.8 |
| impact SubScore | 5.9 | Temporal Score | 7.8 |
| Exploitabality Sub Score | 1.8 | ||
| Attack Vector | Local | Attack Complexity | Low |
| Privileges Required | Low | User Interaction | None |
| Scope | Unchanged | Confidentiality Impact | High |
| Integrity Impact | High | Availability Impact | High |
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : | |||
|---|---|---|---|
| Cvss Base Score | N/A | Attack Range | N/A |
| Cvss Impact Score | N/A | Attack Complexity | N/A |
| Cvss Expoit Score | N/A | Authentication | N/A |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btmtk: avoid UAF in btmtk_process_coredump hci_devcd_append may lead to the release of the skb, so it cannot be accessed once it is called. ================================================================== BUG: KASAN: slab-use-after-free in btmtk_process_coredump+0x2a7/0x2d0 [btmtk] Read of size 4 at addr ffff888033cfabb0 by task kworker/0:3/82 CPU: 0 PID: 82 Comm: kworker/0:3 Tainted: G U 6.6.40-lockdep-03464-g1d8b4eb3060e #1 b0b3c1cc0c842735643fb411799d97921d1f688c Hardware name: Google Yaviks_Ufs/Yaviks_Ufs, BIOS Google_Yaviks_Ufs.15217.552.0 05/07/2024 Workqueue: events btusb_rx_work [btusb] Call Trace: Allocated by task 82: Freed by task 1733: The buggy address belongs to the object at ffff888033cfab40 The buggy address belongs to the physical page: page:00000000a174ba93 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x33cfa head:00000000a174ba93 order:1 entire_mapcount:0 nr_pages_mapped:0 pincount:0 anon flags: 0x4000000000000840(slab|head|zone=1) page_type: 0xffffffff() raw: 4000000000000840 ffff888100848a00 0000000000000000 0000000000000001 raw: 0000000000000000 0000000080190019 00000001ffffffff 0000000000000000 page dumped because: kasan: bad access detected Memory state around the buggy address: Check if we need to call hci_devcd_complete before calling hci_devcd_append. That requires that we check data->cd_info.cnt >= MTK_COREDUMP_NUM instead of data->cd_info.cnt > MTK_COREDUMP_NUM, as we increment data->cd_info.cnt only once the call to hci_devcd_append succeeds. |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56653 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-416 | Use After Free |
CPE : Common Platform Enumeration
Sources (Detail)
Alert History
| Date | Informations |
|---|---|
| 2025-07-15 02:41:13 |
|
| 2025-07-14 12:38:30 |
|
| 2025-06-26 02:38:27 |
|
| 2025-06-25 12:36:31 |
|
| 2025-06-24 02:43:05 |
|
| 2025-05-27 02:48:31 |
|
| 2025-03-29 03:44:24 |
|
| 2025-03-28 13:47:40 |
|
| 2025-03-28 03:22:13 |
|
| 2025-03-19 03:17:02 |
|
| 2025-03-18 03:30:02 |
|
| 2025-03-14 03:17:09 |
|
| 2025-03-06 14:13:42 |
|
| 2025-02-22 03:27:14 |
|
| 2025-02-11 17:20:37 |
|
| 2025-01-08 00:20:56 |
|
| 2025-01-07 03:08:11 |
|
| 2025-01-07 00:20:45 |
|
| 2024-12-27 21:20:28 |
|
