Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2024-56654

Опубликовано: 27 дек. 2024
Источник: nvd
CVSS3: 5.5
EPSS Низкий

Описание

In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: hci_event: Fix using rcu_read_(un)lock while iterating

The usage of rcu_read_(un)lock while inside list_for_each_entry_rcu is not safe since for the most part entries fetched this way shall be treated as rcu_dereference:

Note that the value returned by rcu_dereference() is valid only within the enclosing RCU read-side critical section [1]_. For example, the following is **not** legal:: rcu_read_lock(); p = rcu_dereference(head.next); rcu_read_unlock(); x = p->address; /* BUG!!! */ rcu_read_lock(); y = p->data; /* BUG!!! */ rcu_read_unlock();

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Версия от 6.4.16 (включая) до 6.5 (исключая)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Версия от 6.5.3 (включая) до 6.6.67 (исключая)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Версия от 6.7 (включая) до 6.12.6 (исключая)
cpe:2.3:o:linux:linux_kernel:6.13:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.13:rc2:*:*:*:*:*:*

EPSS

Процентиль: 4%
0.00022
Низкий

5.5 Medium

CVSS3

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

ubuntu логотип

CVE-2024-56654

CVSS3: 5.5
ubuntu
6 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_event: Fix using rcu_read_(un)lock while iterating The usage of rcu_read_(un)lock while inside list_for_each_entry_rcu is not safe since for the most part entries fetched this way shall be treated as rcu_dereference: Note that the value returned by rcu_dereference() is valid only within the enclosing RCU read-side critical section [1]_. For example, the following is **not** legal:: rcu_read_lock(); p = rcu_dereference(head.next); rcu_read_unlock(); x = p->address; /* BUG!!! */ rcu_read_lock(); y = p->data; /* BUG!!! */ rcu_read_unlock();

redhat логотип

CVE-2024-56654

CVSS3: 5.5
redhat
6 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_event: Fix using rcu_read_(un)lock while iterating The usage of rcu_read_(un)lock while inside list_for_each_entry_rcu is not safe since for the most part entries fetched this way shall be treated as rcu_dereference: Note that the value returned by rcu_dereference() is valid only within the enclosing RCU read-side critical section [1]_. For example, the following is **not** legal:: rcu_read_lock(); p = rcu_dereference(head.next); rcu_read_unlock(); x = p->address;/* BUG!!! */ rcu_read_lock(); y = p->data;/* BUG!!! */ rcu_read_unlock();

msrc логотип

CVE-2024-56654

CVSS3: 5.5
msrc
3 месяца назад

Описание отсутствует

debian логотип

CVE-2024-56654

CVSS3: 5.5
debian
6 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: B ...

github логотип

GHSA-h8m3-2hqh-wxmr

CVSS3: 5.5
github
6 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_event: Fix using rcu_read_(un)lock while iterating The usage of rcu_read_(un)lock while inside list_for_each_entry_rcu is not safe since for the most part entries fetched this way shall be treated as rcu_dereference: Note that the value returned by rcu_dereference() is valid only within the enclosing RCU read-side critical section [1]_. For example, the following is **not** legal:: rcu_read_lock(); p = rcu_dereference(head.next); rcu_read_unlock(); x = p->address; /* BUG!!! */ rcu_read_lock(); y = p->data; /* BUG!!! */ rcu_read_unlock();

EPSS

Процентиль: 4%
0.00022
Низкий

5.5 Medium

CVSS3

Дефекты

NVD-CWE-noinfo