Search for vulnerabilities
| Vulnerability ID | VCID-etv1-h6u6-eqgb |
| Aliases |
CVE-2024-36013
|
| Summary | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix slab-use-after-free in l2cap_connect() Extend a critical section to prevent chan from early freeing. Also make the l2cap_connect() return type void. Nothing is using the returned value but it is ugly to return a potentially freed pointer. Making it void will help with backports because earlier kernels did use the return value. Now the compile will break for kernels where this patch is not a complete fix. Call stack summary: [use] l2cap_bredr_sig_cmd l2cap_connect ┌ mutex_lock(&conn->chan_lock); │ chan = pchan->ops->new_connection(pchan); <- alloc chan │ __l2cap_chan_add(conn, chan); │ l2cap_chan_hold(chan); │ list_add(&chan->list, &conn->chan_l); ... (1) └ mutex_unlock(&conn->chan_lock); chan->conf_state ... (4) <- use after free [free] l2cap_conn_del ┌ mutex_lock(&conn->chan_lock); │ foreach chan in conn->chan_l: ... (2) │ l2cap_chan_put(chan); │ l2cap_chan_destroy │ kfree(chan) ... (3) <- chan freed └ mutex_unlock(&conn->chan_lock); ================================================================== BUG: KASAN: slab-use-after-free in instrument_atomic_read include/linux/instrumented.h:68 [inline] BUG: KASAN: slab-use-after-free in _test_bit include/asm-generic/bitops/instrumented-non-atomic.h:141 [inline] BUG: KASAN: slab-use-after-free in l2cap_connect+0xa67/0x11a0 net/bluetooth/l2cap_core.c:4260 Read of size 8 at addr ffff88810bf040a0 by task kworker/u3:1/311 |
| Status | Published |
| Exploitability | 0.5 |
| Weighted Severity | 6.4 |
| Risk | 3.2 |
| Affected and Fixed Packages | Package Details |
| CWE-416 | Use After Free |
| Reference id | Reference type | URL |
|---|---|---|
| https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-36013.json | ||
| https://api.first.org/data/v1/epss?cve=CVE-2024-36013 | ||
| https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36013 | ||
| https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml | ||
| 2282952 | https://bugzilla.redhat.com/show_bug.cgi?id=2282952 | |
| 4d7b41c0e43995b0e992b9f8903109275744b658 | https://git.kernel.org/stable/c/4d7b41c0e43995b0e992b9f8903109275744b658 | |
| 826af9d2f69567c646ff46d10393d47e30ad23c6 | https://git.kernel.org/stable/c/826af9d2f69567c646ff46d10393d47e30ad23c6 | |
| cfe560c7050bfb37b0d2491bbe7cd8b59e77fdc5 | https://git.kernel.org/stable/c/cfe560c7050bfb37b0d2491bbe7cd8b59e77fdc5 | |
| RHSA-2025:6966 | https://access.redhat.com/errata/RHSA-2025:6966 | |
| USN-6949-1 | https://usn.ubuntu.com/6949-1/ | |
| USN-6949-2 | https://usn.ubuntu.com/6949-2/ | |
| USN-6952-1 | https://usn.ubuntu.com/6952-1/ | |
| USN-6952-2 | https://usn.ubuntu.com/6952-2/ | |
| USN-6955-1 | https://usn.ubuntu.com/6955-1/ |
| Attack Vector (AV) | Attack Complexity (AC) | Privileges Required (PR) | User Interaction (UI) | Scope (S) | Confidentiality Impact (C) | Integrity Impact (I) | Availability Impact (A) |
|---|---|---|---|---|---|---|---|
network adjacent_network local physical |
low high |
none low high |
none required |
unchanged changed |
high low none |
high low none |
high low none |
| Attack Vector (AV) | Attack Complexity (AC) | Privileges Required (PR) | User Interaction (UI) | Scope (S) | Confidentiality Impact (C) | Integrity Impact (I) | Availability Impact (A) |
|---|---|---|---|---|---|---|---|
network adjacent_network local physical |
low high |
none low high |
none required |
unchanged changed |
high low none |
high low none |
high low none |
| Attack Vector (AV) | Attack Complexity (AC) | Privileges Required (PR) | User Interaction (UI) | Scope (S) | Confidentiality Impact (C) | Integrity Impact (I) | Availability Impact (A) |
|---|---|---|---|---|---|---|---|
network adjacent_network local physical |
low high |
none low high |
none required |
unchanged changed |
high low none |
high low none |
high low none |
| Attack Vector (AV) | Attack Complexity (AC) | Privileges Required (PR) | User Interaction (UI) | Scope (S) | Confidentiality Impact (C) | Integrity Impact (I) | Availability Impact (A) |
|---|---|---|---|---|---|---|---|
network adjacent_network local physical |
low high |
none low high |
none required |
unchanged changed |
high low none |
high low none |
high low none |
| Attack Vector (AV) | Attack Complexity (AC) | Privileges Required (PR) | User Interaction (UI) | Scope (S) | Confidentiality Impact (C) | Integrity Impact (I) | Availability Impact (A) |
|---|---|---|---|---|---|---|---|
network adjacent_network local physical |
low high |
none low high |
none required |
unchanged changed |
high low none |
high low none |
high low none |
| Percentile | 0.24461 |
| EPSS Score | 0.00084 |
| Published At | June 5, 2026, 12:55 p.m. |
| Date | Actor | Action | Source | VulnerableCode Version |
|---|---|---|---|---|
| 2026-06-04T16:50:38.680726+00:00 | Debian Importer | Import | https://security-tracker.debian.org/tracker/data/json | 38.6.0 |