Description
In l2cap_chan_put of l2cap_core, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android kernel; Android ID: A-165329981; References: Upstream kernel
A use-after-free flaw was found in the Linux kernel's Bluetooth functionality. A user could trigger a race condition while closing the connection. This issue may allow a local user to crash or potentially escalate their privileges on the system.
Report
For RHEL 9, the issue is already fixed. Overall, this issue is considered Moderate because the race condition is complex and can only be triggered by a local user while closing the connection.
Mitigation
The only way to mitigate these vulnerabilities at the operating system level is to disable the Bluetooth functionality by blacklisting the kernel modules in the Linux kernel. The kernel modules can be prevented from being loaded by using system-wide modprobe rules. Instructions on how to disable Bluetooth modules are available on the Customer Portal at https://access.redhat.com/solutions/2682931. Alternatively, Bluetooth can be disabled within the hardware or at BIOS level, which will also provide an effective mitigation as the kernel will not be able to detect that Bluetooth hardware is present on the system.
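The check below is an added example, not part of the original advisory or of Red Hat's instructions: it audits whether modprobe rules actually block the Bluetooth modules and whether any of them is still loaded. The module names (bluetooth, btusb, bnep), the default /etc/modprobe.d path and the sample data are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit the modprobe-based Bluetooth mitigation on a host.
# Assumptions: the module list and the default /etc/modprobe.d directory.
BT_MODULES="bluetooth btusb bnep"

# rule_state MODULE [CONF_DIR] -> prints blocked | blacklist-only | none
# "install MODULE /bin/true" (or /bin/false) replaces what modprobe runs for
# MODULE; a bare "blacklist" line only suppresses alias-based autoloading.
rule_state() {
    cat "${2:-/etc/modprobe.d}"/*.conf 2>/dev/null | awk -v m="$1" '
        $1 == "install" && $2 == m && $3 ~ /^\/(usr\/)?bin\/(true|false)$/ { inst = 1 }
        $1 == "blacklist" && $2 == m { bl = 1 }
        END { print (inst ? "blocked" : (bl ? "blacklist-only" : "none")) }'
}

# module_loaded MODULE [MODULES_FILE]: succeeds if MODULE is currently loaded.
module_loaded() {
    awk -v m="$1" '$1 == m { found = 1 } END { exit !found }' "${2:-/proc/modules}"
}

# audit_bluetooth [CONF_DIR] [MODULES_FILE]
# Returns 0 only if every module is blocked by rule AND not already loaded
# (modprobe rules do not unload a module that is already in the kernel).
audit_bluetooth() {
    rc=0
    for mod in $BT_MODULES; do
        state=$(rule_state "$mod" "$1")
        if module_loaded "$mod" "$2"; then loaded=loaded; else loaded=not-loaded; fi
        echo "$mod rule=$state $loaded"
        [ "$state" = blocked ] && [ "$loaded" = not-loaded ] || rc=1
    done
    return $rc
}

# Constructed sample data (not from a real host): bnep is only blacklisted,
# and btusb has a blocking rule but is still loaded (no reboot since the change).
demo_dir=$(mktemp -d)
printf '%s\n' 'install bluetooth /bin/true' 'install btusb /bin/true' \
    '# install bnep /bin/true' 'blacklist bnep' > "$demo_dir/bt.conf"
printf '%s\n' 'btusb 65536 0 - Live 0x0' 'ext4 983040 1 - Live 0x0' > "$demo_dir/modules"
audit_bluetooth "$demo_dir" "$demo_dir/modules" || echo "mitigation incomplete"
```

Run `audit_bluetooth` with no arguments to check the live system instead of the sample directory.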
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | kernel | Not affected | | |
| Red Hat Enterprise Linux 7 | kernel | Out of support scope | | |
| Red Hat Enterprise Linux 7 | kernel-rt | Out of support scope | | |
| Red Hat Enterprise Linux 8 | kernel | Affected | | |
| Red Hat Enterprise Linux 8 | kernel-rt | Affected | | |
| Red Hat Enterprise Linux 9 | kernel | Not affected | | |
| Red Hat Enterprise Linux 9 | kernel-rt | Not affected | | |
| Red Hat Virtualization 4 | redhat-virtualization-host | Will not fix | | |
Additional information
Status:
CVSS3: 7 High
Related vulnerabilities
Vulnerability in the l2cap_chan_put() function (l2cap_core.c) of the Linux operating system kernel that allows an attacker to escalate their privileges
CVSS3: 7 High