CVE-2024-56757

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

I

n the Linux kernel, the following vulnerability has been resolved: Bluetooth: btusb: mediatek: add intf release flow when usb disconnect MediaTek claim an special usb intr interface for ISO data transmission. The interface need to be released before unregistering hci device when usb disconnect. Removing BT usb dongle without properly releasing the interface may cause Kernel panic while unregister hci device.

References

Link	Resource
https://git.kernel.org/stable/c/489304e67087abddc2666c5af0159cb95afdcf59	Patch
https://git.kernel.org/stable/c/cc569d791ab2a0de74f76e470515d25d24c9b84b	Patch

Configurations

Configuration 1 (hide)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

History

07 Jan 2025, 22:46

Type	Values Removed	Values Added
Summary		(es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: Bluetooth: btusb: mediatek: agregar flujo de liberación de intf cuando se desconecta el USB MediaTek reclama una interfaz USB intr especial para la transmisión de datos ISO. La interfaz debe liberarse antes de anular el registro del dispositivo HCI cuando se desconecta el USB. Quitar el dispositivo USB BT sin liberar correctamente la interfaz puede provocar un pánico del kernel al anular el registro del dispositivo HCI.
References	~~() https://git.kernel.org/stable/c/489304e67087abddc2666c5af0159cb95afdcf59 -~~	() https://git.kernel.org/stable/c/489304e67087abddc2666c5af0159cb95afdcf59 - Patch
References	~~() https://git.kernel.org/stable/c/cc569d791ab2a0de74f76e470515d25d24c9b84b -~~	() https://git.kernel.org/stable/c/cc569d791ab2a0de74f76e470515d25d24c9b84b - Patch
First Time		Linux linux Kernel Linux
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5
CWE		CWE-404
CPE		cpe:2.3:o:linux:linux_kernel::::::::

06 Jan 2025, 17:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-01-06 17:15

Updated : 2025-10-01 20:17

NVD link : CVE-2024-56757

Mitre link : CVE-2024-56757

CVE.ORG link : CVE-2024-56757

JSON object : View

Products Affected

linux_kernel

CWE

CWE-404

Improper Resource Shutdown or Release

{"id": "CVE-2024-56757", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2025-01-06T17:15:40.297", "references": [{"url": "https://git.kernel.org/stable/c/489304e67087abddc2666c5af0159cb95afdcf59", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/cc569d791ab2a0de74f76e470515d25d24c9b84b", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-404"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-404"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: btusb: mediatek: add intf release flow when usb disconnect\n\nMediaTek claim an special usb intr interface for ISO data transmission.\nThe interface need to be released before unregistering hci device when\nusb disconnect. Removing BT usb dongle without properly releasing the\ninterface may cause Kernel panic while unregister hci device."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: Bluetooth: btusb: mediatek: agregar flujo de liberaci\u00f3n de intf cuando se desconecta el USB MediaTek reclama una interfaz USB intr especial para la transmisi\u00f3n de datos ISO. La interfaz debe liberarse antes de anular el registro del dispositivo HCI cuando se desconecta el USB. Quitar el dispositivo USB BT sin liberar correctamente la interfaz puede provocar un p\u00e1nico del kernel al anular el registro del dispositivo HCI."}], "lastModified": "2025-10-01T20:17:49.840", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "37A8903F-DC48-45AD-98DC-188AFD7C5844", "versionEndExcluding": "6.12.8"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}