CVE-2024-53238

{"id": "CVE-2024-53238", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2024-12-27T14:15:32.253", "references": [{"url": "https://git.kernel.org/stable/c/1219c211ccd061cde002cc5708692efca515a7a0", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/61c5a3def90ac729a538e5ca5ff7f461cff72776", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/d8bd79f0eea9c07d90ce870a714ab5c10afaa4b3", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-476"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: btmtk: adjust the position to init iso data anchor\n\nMediaTek iso data anchor init should be moved to where MediaTek\nclaims iso data interface.\nIf there is an unexpected BT usb disconnect during setup flow,\nit will cause a NULL pointer crash issue when releasing iso\nanchor since the anchor wasn't been init yet. Adjust the position\nto do iso data anchor init.\n\n[ 17.137991] pc : usb_kill_anchored_urbs+0x60/0x168\n[ 17.137998] lr : usb_kill_anchored_urbs+0x44/0x168\n[ 17.137999] sp : ffffffc0890cb5f0\n[ 17.138000] x29: ffffffc0890cb5f0 x28: ffffff80bb6c2e80\n[ 17.144081] gpio gpiochip0: registered chardev handle for 1 lines\n[ 17.148421] x27: 0000000000000000\n[ 17.148422] x26: ffffffd301ff4298 x25: 0000000000000003 x24: 00000000000000f0\n[ 17.148424] x23: 0000000000000000 x22: 00000000ffffffff x21: 0000000000000001\n[ 17.148425] x20: ffffffffffffffd8 x19: ffffff80c0f25560 x18: 0000000000000000\n[ 17.148427] x17: ffffffd33864e408 x16: ffffffd33808f7c8 x15: 0000000000200000\n[ 17.232789] x14: e0cd73cf80ffffff x13: 50f2137c0a0338c9 x12: 0000000000000001\n[ 17.239912] x11: 0000000080150011 x10: 0000000000000002 x9 : 0000000000000001\n[ 17.247035] x8 : 0000000000000000 x7 : 0000000000008080 x6 : 8080000000000000\n[ 17.254158] x5 : ffffffd33808ebc0 x4 : fffffffe033dcf20 x3 : 0000000080150011\n[ 17.261281] x2 : ffffff8087a91400 x1 : 0000000000000000 x0 : ffffff80c0f25588\n[ 17.268404] Call trace:\n[ 17.270841] usb_kill_anchored_urbs+0x60/0x168\n[ 17.275274] btusb_mtk_release_iso_intf+0x2c/0xd8 [btusb (HASH:5afe 6)]\n[ 17.284226] btusb_mtk_disconnect+0x14/0x28 [btusb (HASH:5afe 6)]\n[ 17.292652] btusb_disconnect+0x70/0x140 [btusb (HASH:5afe 6)]\n[ 17.300818] usb_unbind_interface+0xc4/0x240\n[ 17.305079] device_release_driver_internal+0x18c/0x258\n[ 17.310296] device_release_driver+0x1c/0x30\n[ 17.314557] bus_remove_device+0x140/0x160\n[ 17.318643] device_del+0x1c0/0x330\n[ 17.322121] usb_disable_device+0x80/0x180\n[ 17.326207] usb_disconnect+0xec/0x300\n[ 17.329948] hub_quiesce+0x80/0xd0\n[ 17.333339] hub_disconnect+0x44/0x190\n[ 17.337078] usb_unbind_interface+0xc4/0x240\n[ 17.341337] device_release_driver_internal+0x18c/0x258\n[ 17.346551] device_release_driver+0x1c/0x30\n[ 17.350810] usb_driver_release_interface+0x70/0x88\n[ 17.355677] proc_ioctl+0x13c/0x228\n[ 17.359157] proc_ioctl_default+0x50/0x80\n[ 17.363155] usbdev_ioctl+0x830/0xd08\n[ 17.366808] __arm64_sys_ioctl+0x94/0xd0\n[ 17.370723] invoke_syscall+0x6c/0xf8\n[ 17.374377] el0_svc_common+0x84/0xe0\n[ 17.378030] do_el0_svc+0x20/0x30\n[ 17.381334] el0_svc+0x34/0x60\n[ 17.384382] el0t_64_sync_handler+0x88/0xf0\n[ 17.388554] el0t_64_sync+0x180/0x188\n[ 17.392208] Code: f9400677 f100a2f4 54fffea0 d503201f (b8350288)\n[ 17.398289] ---[ end trace 0000000000000000 ]---"}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: Bluetooth: btmtk: ajuste la posici\u00f3n para inicializar el ancla de datos iso. La inicializaci\u00f3n del ancla de datos iso de MediaTek debe moverse a donde MediaTek afirma que tiene interfaz de datos iso. Si hay una desconexi\u00f3n USB de BT inesperada durante el flujo de configuraci\u00f3n, provocar\u00e1 un problema de bloqueo del puntero NULL al liberar el ancla iso, ya que el ancla a\u00fan no se hab\u00eda inicializado. Ajuste la posici\u00f3n para inicializar el ancla de datos iso. [ 17.137991] pc : usb_kill_anchored_urbs+0x60/0x168 [ 17.137998] lr : usb_kill_anchored_urbs+0x44/0x168 [ 17.137999] sp : ffffffc0890cb5f0 [ 17.138000] x29: ffffffc0890cb5f0 x28: ffffff80bb6c2e80 [ 17.144081] gpio gpiochip0: identificador chardev registrado para 1 l\u00edneas [ 17.148421] x27: 0000000000000000 [ 17.148422] x26: ffffffd301ff4298 x25: 00000000000000003 x24: 00000000000000f0 [ 17.148424] x23: 0000000000000000 x22: 00000000ffffffff x21: 0000000000000001 [ 17.148425] x20: ffffffffffffffd8 x19: ffffff80c0f25560 x18: 0000000000000000 [ 17.148427] x17: ffffffd33864e408 x16: ffffffd33808f7c8 x15: 0000000000200000 [ 17.232789] x14: e0cd73cf80ffffff x13: 50f2137c0a0338c9 x12: 0000000000000001 [ 17.239912] x11: 0000000080150011 x10: 0000000000000002 x9: 0000000000000001 [ 17.247035] x8: 0000000000000000 x7: 0000000000008080 x6: 8080000000000000 [ 17.254158] x5: ffffffd33808ebc0 x4 : fffffffe033dcf20 x3 : 0000000080150011 [ 17.261281] x2 : ffffff8087a91400 x1 : 0000000000000000 x0 : ffffff80c0f25588 [ 17.268404] Rastreo de llamadas: [ 17.270841] usb_kill_anchored_urbs+0x60/0x168 [ 17.275274] btusb_mtk_release_iso_intf+0x2c/0xd8 [btusb (HASH:5afe 6)] [ 17.284226] btusb_mtk_disconnect+0x14/0x28 [btusb (HASH:5afe 6)] [ 17.292652] btusb_disconnect+0x70/0x140 [btusb (HASH:5afe 6)] [ 17.300818] interfaz_desvinculaci\u00f3n_usb+0xc4/0x240 [ 17.305079] controlador_liberaci\u00f3n_dispositivo_interno+0x18c/0x258 [ 17.310296] controlador_liberaci\u00f3n_dispositivo+0x1c/0x30 [ 17.314557] dispositivo_eliminaci\u00f3n_bus+0x140/0x160 [ 17.318643] dispositivo_del+0x1c0/0x330 [ 17.322121] usb_disable_device+0x80/0x180 [ 17.326207] usb_disconnect+0xec/0x300 [ 17.329948] hub_quiesce+0x80/0xd0 [ 17.333339] hub_disconnect+0x44/0x190 [ 17.337078] usb_unbind_interface+0xc4/0x240 [ 17.341337] device_release_driver_internal+0x18c/0x258 [ 17.346551] device_release_driver+0x1c/0x30 [ 17.350810] usb_driver_release_interface+0x70/0x88 [ 17.355677] El0_svc_common+0x84/0xe0 [ 17.378030] El0_svc+0x20/0x30 [ 17.381334] El0_svc+0x34/0x60 [ 17.384382] el0t_64_sync_handler+0x88/0xf0 [ 17.388554] el0t_64_sync+0x180/0x188 [ 17.392208] C\u00f3digo: f9400677 f100a2f4 54fffea0 d503201f (b8350288) [ 17.398289] ---[ fin de seguimiento 0000000000000000 ]---"}], "lastModified": "2025-01-08T16:41:35.353", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "07BE5DA1-4C04-4052-9B58-6EDE15469D65", "versionEndExcluding": "6.11.11", "versionStartIncluding": "6.11"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D8882B1B-2ABC-4838-AC1D-DBDBB5764776", "versionEndExcluding": "6.12.2", "versionStartIncluding": "6.12"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}