CVE-2024-42132 Affecting kernel-debug-devel package, versions *
Threat Intelligence
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-CENTOS7-KERNELDEBUGDEVEL-7628156
- published 5 Aug 2024
- disclosed 30 Jul 2024
Introduced: 30 Jul 2024
CVE-2024-42132 Open this link in a new tabHow to fix?
There is no fixed version for Centos:7
kernel-debug-devel
.
NVD Description
Note: Versions mentioned in the description apply only to the upstream kernel-debug-devel
package and not the kernel-debug-devel
package as distributed by Centos
.
See How to fix?
for Centos:7
relevant fixed versions and status.
In the Linux kernel, the following vulnerability has been resolved:
bluetooth/hci: disallow setting handle bigger than HCI_CONN_HANDLE_MAX
Syzbot hit warning in hci_conn_del() caused by freeing handle that was not allocated using ida allocator.
This is caused by handle bigger than HCI_CONN_HANDLE_MAX passed by hci_le_big_sync_established_evt(), which makes code think it's unset connection.
Add same check for handle upper bound as in hci_conn_set_handle() to prevent warning.