SB2024053032 - Memory leak in Linux kernel bluetooth
Published: May 30, 2024 Updated: May 14, 2025
Security Bulletin ID
SB2024053032
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Memory leak (CVE-ID: CVE-2024-36942)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the qca_download_firmware() function in drivers/bluetooth/btqca.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/580bcd6bf24f9975f97d81d5ef1b64cca9240df9
- https://git.kernel.org/stable/c/064688d70c33bb5b49dde6e972b9379a8b045d8a
- https://git.kernel.org/stable/c/7bcba557d5c37cd09ecd5abbe7d50deb86c36d3f
- https://git.kernel.org/stable/c/d1f768214320852766a60a815a0be8f14fba0cc3
- https://git.kernel.org/stable/c/40d442f969fb1e871da6fca73d3f8aef1f888558
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.159
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.91
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.31
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.8.10