{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2024-58009","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-02-27T02:10:48.227Z","datePublished":"2025-02-27T02:12:04.637Z","dateUpdated":"2025-11-03T19:33:22.791Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2025-05-04T10:08:19.816Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: handle NULL sock pointer in l2cap_sock_alloc\n\nA NULL sock pointer is passed into l2cap_sock_alloc() when it is called\nfrom l2cap_sock_new_connection_cb() and the error handling paths should\nalso be aware of it.\n\nSeemingly a more elegant solution would be to swap bt_sock_alloc() and\nl2cap_chan_create() calls since they are not interdependent to that moment\nbut then l2cap_chan_create() adds the soon to be deallocated and still\ndummy-initialized channel to the global list accessible by many L2CAP\npaths. The channel would be removed from the list in short period of time\nbut be a bit more straight-forward here and just check for NULL instead of\nchanging the order of function calls.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE static\nanalysis tool."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["net/bluetooth/l2cap_sock.c"],"versions":[{"version":"f6ad641646b67f29c7578dcd6c25813c7dcbf51e","lessThan":"a9a7672fc1a0fe18502493936ccb06413ab89ea6","status":"affected","versionType":"git"},{"version":"daa13175a6dea312a76099066cb4cbd4fc959a84","lessThan":"8e605f580a97530e5a3583beea458a3fa4cbefbd","status":"affected","versionType":"git"},{"version":"a8677028dd5123e5e525b8195483994d87123de4","lessThan":"cf601a24120c674cd7c907ea695f92617af6abd0","status":"affected","versionType":"git"},{"version":"bb2f2342a6ddf7c04f9aefbbfe86104cd138e629","lessThan":"297ce7f544aa675b0d136d788cad0710cdfb0785","status":"affected","versionType":"git"},{"version":"8ad09ddc63ace3950ac43db6fbfe25b40f589dd6","lessThan":"245d48c1ba3e7a1779c2f4cbc6f581ddc8a78e22","status":"affected","versionType":"git"},{"version":"61686abc2f3c2c67822aa23ce6f160467ec83d35","lessThan":"691218a50c3139f7f57ffa79fb89d932eda9571e","status":"affected","versionType":"git"},{"version":"7c4f78cdb8e7501e9f92d291a7d956591bf73be9","lessThan":"49c0d55d59662430f1829ae85b969619573d0fa1","status":"affected","versionType":"git"},{"version":"7c4f78cdb8e7501e9f92d291a7d956591bf73be9","lessThan":"5f397409f8ee5bc82901eeaf799e1cbc4f8edcf1","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["net/bluetooth/l2cap_sock.c"],"versions":[{"version":"6.13","status":"affected"},{"version":"0","lessThan":"6.13","status":"unaffected","versionType":"semver"},{"version":"5.4.291","lessThanOrEqual":"5.4.*","status":"unaffected","versionType":"semver"},{"version":"5.10.235","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.179","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.129","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.78","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.12.14","lessThanOrEqual":"6.12.*","status":"unaffected","versionType":"semver"},{"version":"6.13.3","lessThanOrEqual":"6.13.*","status":"unaffected","versionType":"semver"},{"version":"6.14","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.4.287","versionEndExcluding":"5.4.291"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.10.231","versionEndExcluding":"5.10.235"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.15.174","versionEndExcluding":"5.15.179"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.1.120","versionEndExcluding":"6.1.129"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.6.66","versionEndExcluding":"6.6.78"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.12.5","versionEndExcluding":"6.12.14"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.13.3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.14"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/a9a7672fc1a0fe18502493936ccb06413ab89ea6"},{"url":"https://git.kernel.org/stable/c/8e605f580a97530e5a3583beea458a3fa4cbefbd"},{"url":"https://git.kernel.org/stable/c/cf601a24120c674cd7c907ea695f92617af6abd0"},{"url":"https://git.kernel.org/stable/c/297ce7f544aa675b0d136d788cad0710cdfb0785"},{"url":"https://git.kernel.org/stable/c/245d48c1ba3e7a1779c2f4cbc6f581ddc8a78e22"},{"url":"https://git.kernel.org/stable/c/691218a50c3139f7f57ffa79fb89d932eda9571e"},{"url":"https://git.kernel.org/stable/c/49c0d55d59662430f1829ae85b969619573d0fa1"},{"url":"https://git.kernel.org/stable/c/5f397409f8ee5bc82901eeaf799e1cbc4f8edcf1"}],"title":"Bluetooth: L2CAP: handle NULL sock pointer in l2cap_sock_alloc","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"title":"CVE Program Container","references":[{"url":"https://lists.debian.org/debian-lts-announce/2025/03/msg00028.html"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2025-11-03T19:33:22.791Z"}}]}}