
CVE-2024-36968: Vulnerability in Linux

Severity: High
Type: Vulnerability
CVE ID: CVE-2024-36968
Published: Sat Jun 08 2024 (06/08/2024, 12:53:00 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: L2CAP: Fix div-by-zero in l2cap_le_flowctl_init()

l2cap_le_flowctl_init() can cause both div-by-zero and an integer overflow since hdev->le_mtu may not fall in the valid range. Move MTU from hci_dev to hci_conn to validate MTU and stop the connection process earlier if MTU is invalid. Also, add a missing validation in read_buffer_size() and make it return an error value if the validation fails. Now hci_conn_add() returns ERR_PTR() as it can fail due to both a kzalloc failure and an invalid MTU value.

divide error: 0000 [#1] PREEMPT SMP KASAN NOPTI
CPU: 0 PID: 67 Comm: kworker/u5:0 Tainted: G W 6.9.0-rc5+ #20
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014
Workqueue: hci0 hci_rx_work
RIP: 0010:l2cap_le_flowctl_init+0x19e/0x3f0 net/bluetooth/l2cap_core.c:547
Code: e8 17 17 0c 00 66 41 89 9f 84 00 00 00 bf 01 00 00 00 41 b8 02 00 00 00 4c 89 fe 4c 89 e2 89 d9 e8 27 17 0c 00 44 89 f0 31 d2 <66> f7 f3 89 c3 ff c3 4d 8d b7 88 00 00 00 4c 89 f0 48 c1 e8 03 42
RSP: 0018:ffff88810bc0f858 EFLAGS: 00010246
RAX: 00000000000002a0 RBX: 0000000000000000 RCX: dffffc0000000000
RDX: 0000000000000000 RSI: ffff88810bc0f7c0 RDI: ffffc90002dcb66f
RBP: ffff88810bc0f880 R08: aa69db2dda70ff01 R09: 0000ffaaaaaaaaaa
R10: 0084000000ffaaaa R11: 0000000000000000 R12: ffff88810d65a084
R13: dffffc0000000000 R14: 00000000000002a0 R15: ffff88810d65a000
FS: 0000000000000000(0000) GS:ffff88811ac00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020000100 CR3: 0000000103268003 CR4: 0000000000770ef0
PKRU: 55555554
Call Trace:
 <TASK>
 l2cap_le_connect_req net/bluetooth/l2cap_core.c:4902 [inline]
 l2cap_le_sig_cmd net/bluetooth/l2cap_core.c:5420 [inline]
 l2cap_le_sig_channel net/bluetooth/l2cap_core.c:5486 [inline]
 l2cap_recv_frame+0xe59d/0x11710 net/bluetooth/l2cap_core.c:6809
 l2cap_recv_acldata+0x544/0x10a0 net/bluetooth/l2cap_core.c:7506
 hci_acldata_packet net/bluetooth/hci_core.c:3939 [inline]
 hci_rx_work+0x5e5/0xb20 net/bluetooth/hci_core.c:4176
 process_one_work kernel/workqueue.c:3254 [inline]
 process_scheduled_works+0x90f/0x1530 kernel/workqueue.c:3335
 worker_thread+0x926/0xe70 kernel/workqueue.c:3416
 kthread+0x2e3/0x380 kernel/kthread.c:388
 ret_from_fork+0x5c/0x90 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---

AI-Powered Analysis

AI analysis last updated: 06/29/2025, 10:42:22 UTC

Technical Analysis

CVE-2024-36968 is a vulnerability in the Linux kernel's Bluetooth subsystem, specifically in the L2CAP (Logical Link Control and Adaptation Protocol) layer. The flaw lies in l2cap_le_flowctl_init(), the function that initialises the flow-control parameters of a Bluetooth Low Energy (LE) connection. The LE Maximum Transmission Unit, hdev->le_mtu, was not validated and could fall outside the expected range, which leads to both a division by zero and an integer overflow during flow-control initialisation. The division by zero crashes the kernel (denial of service) or could potentially lead to memory corruption; the integer overflow can produce unpredictable behaviour or further security issues.

The fix moves the MTU value from the hci_dev structure to the hci_conn structure so that it is validated early in the connection process and the connection is aborted if the MTU is invalid. A missing validation was also added to read_buffer_size(), which now returns an error value when the check fails, and hci_conn_add() was changed to return an error pointer when it fails, whether because of an invalid MTU or a memory allocation failure.

The vulnerability affects Linux kernel versions prior to the fix and is relevant to systems using Bluetooth LE. The kernel trace in the description shows the divide error in l2cap_le_flowctl_init() being reached, confirming that the crash is triggerable under certain conditions. No exploits are currently reported in the wild, and no CVSS score has been assigned yet; the issue nevertheless affects kernel stability and potentially the security of Bluetooth communications on affected Linux systems.
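To make the arithmetic behind the description concrete, the following C model is added here; it is not kernel code. The constant and function names are this example's own, the channel struct is a constructed stand-in, and the credit formula (mps derived from the connection MTU minus the L2CAP header, credits = imtu / mps + 1) is a simplified stand-in for the real computation. It shows how a 16-bit connection MTU equal to the header size yields a zero divisor, how a smaller value wraps instead, and how an early range check of the kind the fix describes turns both into a clean error before any channel is set up.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Constants as in the Bluetooth Core spec and the kernel's l2cap.h
 * (names assumed for this stand-alone model). */
#define L2CAP_HDR_SIZE   4    /* 2-byte length + 2-byte CID */
#define L2CAP_LE_MIN_MTU 23   /* smallest MTU an LE L2CAP channel may use */

/* Minimal stand-in for the channel fields the credit computation touches
 * (constructed for this example, not the kernel's struct). */
struct le_chan {
    uint16_t imtu;       /* our receive MTU for the channel */
    uint16_t mps;        /* maximum PDU payload size: the divisor */
    uint16_t rx_credits; /* credits advertised to the peer */
};

/* Unchecked derivation of the fragment payload: the controller-reported
 * connection MTU goes straight into 16-bit arithmetic. At exactly
 * L2CAP_HDR_SIZE the result is 0; below it the subtraction wraps. */
uint16_t fragment_payload(uint16_t conn_mtu)
{
    return (uint16_t)(conn_mtu - L2CAP_HDR_SIZE);
}

/* The divisor is the smaller of our MTU and the fragment payload, so a
 * zero fragment payload becomes a zero divisor, while a wrapped (huge)
 * one is silently masked by imtu. */
uint16_t unchecked_mps(uint16_t imtu, uint16_t conn_mtu)
{
    uint16_t frag = fragment_payload(conn_mtu);
    return imtu < frag ? imtu : frag;
}

/* The early range check the fix describes: reject an out-of-range MTU
 * before channel setup instead of discovering it inside a divide. */
int validate_le_mtu(uint16_t mtu)
{
    return mtu >= L2CAP_LE_MIN_MTU ? 0 : -EINVAL;
}

/* Hardened initialisation: returns the rx credit count, or -EINVAL.
 * With both MTUs at least 23, mps is at least 19 and can never be 0. */
int le_flowctl_rx_credits(uint16_t imtu, uint16_t conn_mtu)
{
    struct le_chan c;
    int err = validate_le_mtu(conn_mtu);

    if (err)
        return err;
    if (validate_le_mtu(imtu))
        return -EINVAL;

    c.imtu = imtu;
    c.mps = unchecked_mps(imtu, conn_mtu);
    c.rx_credits = (uint16_t)(c.imtu / c.mps + 1);
    return c.rx_credits;
}

int main(void)
{
    /* Constructed inputs: one normal LE MTU and two out-of-range ones. */
    uint16_t imtu = 672;
    uint16_t mtus[] = { 251, L2CAP_HDR_SIZE, 3 };

    for (size_t i = 0; i < sizeof mtus / sizeof mtus[0]; i++) {
        uint16_t mtu = mtus[i];
        printf("conn_mtu=%u fragment=%u unchecked divisor=%u checked=%d\n",
               (unsigned)mtu, (unsigned)fragment_payload(mtu),
               (unsigned)unchecked_mps(imtu, mtu),
               le_flowctl_rx_credits(imtu, mtu));
    }
    return 0;
}
```

The point for defenders is the shape of the bug rather than the exact numbers: a value reported by hardware or a peer feeds a divisor without a range check, and the check belongs where the value first enters the kernel, not next to the divide.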

Potential Impact

For European organizations, this vulnerability poses a risk primarily to systems running Linux kernels with Bluetooth LE support, including servers, desktops, embedded devices, and IoT devices. The impact includes potential denial of service through kernel crashes triggered by malformed Bluetooth packets exploiting the division-by-zero error. This could disrupt critical services relying on Linux systems with Bluetooth connectivity, such as industrial control systems, healthcare devices, or enterprise endpoints. Additionally, integer overflow issues may open avenues for privilege escalation or arbitrary code execution, though this is less certain without known exploit details.

Organizations with extensive use of Linux-based Bluetooth peripherals or infrastructure (e.g., wireless sensors, access control systems) may face increased risk. The vulnerability could also affect Linux-based mobile devices or laptops used in corporate environments. Disruption or compromise of these systems could lead to operational downtime, data confidentiality breaches, or integrity issues. Given the widespread use of Linux in European IT infrastructure and the growing adoption of Bluetooth LE devices, the vulnerability warrants prompt attention to avoid potential exploitation.

Mitigation Recommendations

1. Apply the official Linux kernel patches that address CVE-2024-36968 as soon as they become available from trusted sources or Linux distributions.
2. For organizations using custom or embedded Linux kernels, ensure backporting of the patch to all relevant kernel versions in use.
3. Temporarily disable Bluetooth LE functionality on critical systems where possible until patches are applied, especially on servers or devices exposed to untrusted Bluetooth environments.
4. Implement network segmentation and access controls to limit Bluetooth connectivity to trusted devices only, reducing exposure to malicious Bluetooth packets.
5. Monitor kernel logs and system behavior for signs of crashes or anomalies related to Bluetooth activity to detect potential exploitation attempts.
6. Educate IT and security teams about the vulnerability to ensure rapid response and patch management.
7. For embedded or IoT devices, coordinate with vendors to obtain firmware updates that include the fix or consider device replacement if updates are unavailable.
8. Incorporate Bluetooth security best practices, such as enforcing authentication and encryption for Bluetooth connections, to reduce attack surface.


Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2024-05-30T15:25:07.081Z
CISA Enriched: true
CVSS Version: null
State: PUBLISHED

Threat ID: 682d9829c4522896dcbe2825

Added to database: 5/21/2025, 9:08:57 AM

Last enriched: 6/29/2025, 10:42:22 AM

Last updated: 8/3/2025, 12:31:46 AM

Views: 11
