CVE-2024-42132 in Linuxinfo

Summary

by MITRE • 07/30/2024

In the Linux kernel, the following vulnerability has been resolved:

bluetooth/hci: disallow setting handle bigger than HCI_CONN_HANDLE_MAX

Syzbot hit warning in hci_conn_del() caused by freeing handle that was not allocated using ida allocator.

This is caused by handle bigger than HCI_CONN_HANDLE_MAX passed by hci_le_big_sync_established_evt(), which makes code think it's unset connection.

Add same check for handle upper bound as in hci_conn_set_handle() to prevent warning.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Analysis

by VulDB Data Team • 07/19/2025

The vulnerability identified as CVE-2024-42132 represents a critical issue within the Linux kernel's Bluetooth subsystem that stems from inadequate input validation in the HCI (Host Controller Interface) connection handling mechanism. This flaw exists in the bluetooth/hci component where the kernel fails to properly validate connection handle values during Bluetooth Low Energy (BLE) operations. The vulnerability manifests when a connection handle value exceeds the defined maximum threshold of HCI_CONN_HANDLE_MAX, leading to improper memory management and potential system instability. The issue was discovered through automated fuzzing conducted by syzbot, which detected a warning condition in the hci_conn_del() function when attempting to free a handle that was not properly allocated through the standard ida allocator mechanism.

The technical root cause of this vulnerability lies in the inconsistent validation of connection handle values between different kernel functions within the Bluetooth HCI subsystem. Specifically, the hci_le_big_sync_established_evt() function processes connection handles without applying the same upper bound checks that are present in the hci_conn_set_handle() function. This discrepancy creates a scenario where connection handles exceeding HCI_CONN_HANDLE_MAX are accepted and processed, causing the kernel to treat these invalid handles as unset connections. The improper handling occurs because the code logic assumes that handles beyond the maximum threshold are invalid or unset, leading to incorrect memory management operations and potential use-after-free conditions. This vulnerability directly relates to CWE-129, which addresses improper validation of input ranges, and CWE-787, which covers out-of-bounds write operations.

The operational impact of this vulnerability extends beyond simple memory management issues to potentially compromise system stability and security. When a malicious actor or faulty Bluetooth device attempts to establish a connection with an invalid handle value, the kernel may experience unexpected behavior including system crashes, memory corruption, or denial of service conditions. The vulnerability affects systems running Linux kernels with Bluetooth functionality, particularly those implementing BLE connections where the hci_le_big_sync_established_evt() function is invoked. The issue becomes more pronounced in environments where multiple Bluetooth connections are managed simultaneously, as the improper handle validation can cascade into broader system instability. This type of vulnerability aligns with ATT&CK technique T1059.006, where kernel-level code execution can be leveraged to manipulate system resources and potentially escalate privileges.

The mitigation strategy for CVE-2024-42132 involves implementing consistent boundary checks across all Bluetooth HCI connection handle validation functions. The fix requires adding the same upper bound validation logic that exists in hci_conn_set_handle() to the hci_le_big_sync_established_evt() function, ensuring that handle values are properly constrained within the valid range defined by HCI_CONN_HANDLE_MAX. System administrators should prioritize updating to kernel versions that include this patch, particularly in environments where Bluetooth connectivity is critical or where systems may be exposed to untrusted Bluetooth devices. The solution aligns with security best practices outlined in the Linux kernel security documentation, which emphasizes the importance of input validation and proper resource management in kernel space operations. Additionally, organizations should consider implementing monitoring solutions to detect anomalous Bluetooth connection patterns that might indicate exploitation attempts, while maintaining regular kernel updates to address similar vulnerabilities that may arise in the Bluetooth subsystem.

Responsible

Linux

Reservation

07/29/2024

Disclosure

07/30/2024

Moderation

accepted

CPE

ready

EPSS

0.00226

KEV

no

Activities

very low

Sources

Want to stay up to date on a daily basis?

Enable the mail alert feature now!