CVE-2024-56654

Published: Dic 27, 2024 Last Modified: Ott 01, 2025 EU-VD ID: EUVD-2024-53302

ExploitDB:

Other exploit source:

Google Dorks:

MEDIUM 5,5

Source: [email protected]

Attack Vector: local

Attack Complexity: low

Privileges Required: low

User Interaction: none

Scope: unchanged

Confidentiality: none

Integrity: none

Availability: high

Description

AI Translation Available

In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: hci_event: Fix using rcu_read_(un)lock while iterating

The usage of rcu_read_(un)lock while inside list_for_each_entry_rcu is
not safe since for the most part entries fetched this way shall be
treated as rcu_dereference:

Note that the value returned by rcu_dereference() is valid
only within the enclosing RCU read-side critical section [1]_.
For example, the following is **not** legal::

rcu_read_lock();
p = rcu_dereference(head.next);
rcu_read_unlock();
x = p->address; /* BUG!!! */
rcu_read_lock();
y = p->data; /* BUG!!! */
rcu_read_unlock();

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score

0,0003

Percentile

0,1th

Updated

EPSS Score Trend (Last 90 Days)

Operating System

Linux Kernel by Linux

Product Information

Vendor Linux

Product Linux Kernel

Version Range Affected

From 6.7 (inclusive)

To 6.12.6 (exclusive)

CPE Identifier

View Detailed Analysis


                  cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Operating System

Linux Kernel by Linux

Product Information

Vendor Linux

Product Linux Kernel

Version 6.13

CPE Identifier

View Detailed Analysis


                  cpe:2.3:o:linux:linux_kernel:6.13:rc2:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Operating System

Linux Kernel by Linux

Product Information

Vendor Linux

Product Linux Kernel

Version 6.13

CPE Identifier

View Detailed Analysis


                  cpe:2.3:o:linux:linux_kernel:6.13:rc1:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Operating System

Linux Kernel by Linux

Product Information

Vendor Linux

Product Linux Kernel

Version Range Affected

From 6.4.16 (inclusive)

To 6.5 (exclusive)

CPE Identifier

View Detailed Analysis


                  cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Operating System

Linux Kernel by Linux

Product Information

Vendor Linux

Product Linux Kernel

Version Range Affected

From 6.5.3 (inclusive)

To 6.6.67 (exclusive)

CPE Identifier

View Detailed Analysis


                  cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

https://git.kernel.org/stable/c/0108132d7d76d884e443d18b4f0…

https://git.kernel.org/stable/c/0108132d7d76d884e443d18b4f067cdf2811911b

https://git.kernel.org/stable/c/581dd2dc168fe0ed2a7a5534a72…

https://git.kernel.org/stable/c/581dd2dc168fe0ed2a7a5534a724f0d3751c93ae

https://git.kernel.org/stable/c/f9ecc90b5d501b3a5a62d0685d5…

https://git.kernel.org/stable/c/f9ecc90b5d501b3a5a62d0685d5104f934bb0104

CVE-2024-56654

Description

EPSS (Exploit Prediction Scoring System)

EPSS (Exploit Prediction Scoring System)

EPSS Score Trend (Last 90 Days)

Linux Kernel by Linux

Product Information

Linux Kernel by Linux

Product Information

Linux Kernel by Linux

Product Information

Linux Kernel by Linux

Product Information

Linux Kernel by Linux

Product Information

Iscriviti alla newsletter