
CVE-2024-53208: Vulnerability in Linux

Severity: High
Published: Fri Dec 27 2024 (12/27/2024, 13:49:54 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: MGMT: Fix slab-use-after-free Read in set_powered_sync

This fixes the following crash:

==================================================================
BUG: KASAN: slab-use-after-free in set_powered_sync+0x3a/0xc0 net/bluetooth/mgmt.c:1353
Read of size 8 at addr ffff888029b4dd18 by task kworker/u9:0/54

CPU: 1 UID: 0 PID: 54 Comm: kworker/u9:0 Not tainted 6.11.0-rc6-syzkaller-01155-gf723224742fc #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
Workqueue: hci0 hci_cmd_sync_work
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:93 [inline]
 dump_stack_lvl+0x241/0x360 lib/dump_stack.c:119
 print_address_description mm/kasan/report.c:377 [inline]
 print_report+0x169/0x550 mm/kasan/report.c:488
 kasan_report+0x143/0x180 mm/kasan/report.c:601
 set_powered_sync+0x3a/0xc0 net/bluetooth/mgmt.c:1353
 hci_cmd_sync_work+0x22b/0x400 net/bluetooth/hci_sync.c:328
 process_one_work kernel/workqueue.c:3231 [inline]
 process_scheduled_works+0xa2c/0x1830 kernel/workqueue.c:3312
 worker_thread+0x86d/0xd10 kernel/workqueue.c:3389
 kthread+0x2f0/0x390 kernel/kthread.c:389
 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
 </TASK>

Allocated by task 5247:
 kasan_save_stack mm/kasan/common.c:47 [inline]
 kasan_save_track+0x3f/0x80 mm/kasan/common.c:68
 poison_kmalloc_redzone mm/kasan/common.c:370 [inline]
 __kasan_kmalloc+0x98/0xb0 mm/kasan/common.c:387
 kasan_kmalloc include/linux/kasan.h:211 [inline]
 __kmalloc_cache_noprof+0x19c/0x2c0 mm/slub.c:4193
 kmalloc_noprof include/linux/slab.h:681 [inline]
 kzalloc_noprof include/linux/slab.h:807 [inline]
 mgmt_pending_new+0x65/0x250 net/bluetooth/mgmt_util.c:269
 mgmt_pending_add+0x36/0x120 net/bluetooth/mgmt_util.c:296
 set_powered+0x3cd/0x5e0 net/bluetooth/mgmt.c:1394
 hci_mgmt_cmd+0xc47/0x11d0 net/bluetooth/hci_sock.c:1712
 hci_sock_sendmsg+0x7b8/0x11c0 net/bluetooth/hci_sock.c:1832
 sock_sendmsg_nosec net/socket.c:730 [inline]
 __sock_sendmsg+0x221/0x270 net/socket.c:745
 sock_write_iter+0x2dd/0x400 net/socket.c:1160
 new_sync_write fs/read_write.c:497 [inline]
 vfs_write+0xa72/0xc90 fs/read_write.c:590
 ksys_write+0x1a0/0x2c0 fs/read_write.c:643
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Freed by task 5246:
 kasan_save_stack mm/kasan/common.c:47 [inline]
 kasan_save_track+0x3f/0x80 mm/kasan/common.c:68
 kasan_save_free_info+0x40/0x50 mm/kasan/generic.c:579
 poison_slab_object+0xe0/0x150 mm/kasan/common.c:240
 __kasan_slab_free+0x37/0x60 mm/kasan/common.c:256
 kasan_slab_free include/linux/kasan.h:184 [inline]
 slab_free_hook mm/slub.c:2256 [inline]
 slab_free mm/slub.c:4477 [inline]
 kfree+0x149/0x360 mm/slub.c:4598
 settings_rsp+0x2bc/0x390 net/bluetooth/mgmt.c:1443
 mgmt_pending_foreach+0xd1/0x130 net/bluetooth/mgmt_util.c:259
 __mgmt_power_off+0x112/0x420 net/bluetooth/mgmt.c:9455
 hci_dev_close_sync+0x665/0x11a0 net/bluetooth/hci_sync.c:5191
 hci_dev_do_close net/bluetooth/hci_core.c:483 [inline]
 hci_dev_close+0x112/0x210 net/bluetooth/hci_core.c:508
 sock_do_ioctl+0x158/0x460 net/socket.c:1222
 sock_ioctl+0x629/0x8e0 net/socket.c:1341
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:907 [inline]
 __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:893
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

AI-Powered Analysis

Last updated: 07/02/2025, 22:58:08 UTC

Technical Analysis

CVE-2024-53208 is a high-severity use-after-free vulnerability in the Linux kernel's Bluetooth management (MGMT) subsystem, specifically in the set_powered_sync function. The flaw is a lifetime mismatch between a pending MGMT command object and the deferred work that consumes it. The KASAN report above shows the sequence: the object is allocated by mgmt_pending_add() while set_powered() handles a command written to the HCI socket (task 5247); it is freed by settings_rsp() via mgmt_pending_foreach() when the adapter is powered off through hci_dev_close() (task 5246, an ioctl); and it is then read again, an 8-byte read of freed slab memory, by set_powered_sync() running from the hci_cmd_sync_work workqueue. Reading freed memory is undefined behaviour: depending on what the slab allocator has since placed at that address, the outcome ranges from a kernel crash to memory corruption with the potential for arbitrary code execution. The faulting read happens in kernel workqueue context, but both the operation that allocates the object and the one that frees it are issued by a local process through the Bluetooth HCI socket, so local access is required. The vulnerability affects Linux kernel versions prior to the patch. Exploitation could allow a local attacker with limited privileges to escalate to higher privileges or cause denial of service by crashing the kernel. The CVSS 3.1 score of 7.8 reflects high impact on confidentiality, integrity, and availability, with low attack complexity but requiring local privileges and no user interaction. No known exploits are currently reported in the wild, but the vulnerability is serious enough to warrant immediate attention and patching.
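The following C program is an added illustration written for this page; it is not code from the Linux kernel, from the fix, or from this advisory. It models the bug class the trace describes with hypothetical stand-ins: pending_add() for the pending-command list, dev_close() for the power-off path that answers and frees every pending command, and two variants of the deferred work callback. The vulnerable shape trusts the pointer it captured when it was queued; the hardened shape identifies the command by opcode and re-validates it against the pending list before touching it, which is one standard way to close this kind of race (the upstream fix may differ in detail). The opcode value and all struct and function names are constructed for the model.

```c
#include <stdlib.h>
#include <errno.h>

/* Added, deliberately simplified model of the bug class in CVE-2024-53208.
 * NOT the Linux Bluetooth code: every name and value here is a hypothetical
 * stand-in for the pending-command list, the power-off path and the
 * hci_cmd_sync_work callback named in the KASAN trace. */

#define OP_SET_POWERED 0x0005u   /* constructed opcode for the model */

struct pending_cmd {
    unsigned int opcode;
    int powered;                 /* requested power state */
    struct pending_cmd *next;
};

struct hci_dev_model {
    struct pending_cmd *pending; /* commands awaiting completion */
    int powered;
    int work_done;               /* completed deferred work items */
};

/* Stand-in for mgmt_pending_add(): allocate a command and link it in. */
struct pending_cmd *pending_add(struct hci_dev_model *hdev,
                                unsigned int opcode, int powered)
{
    struct pending_cmd *cmd = calloc(1, sizeof(*cmd));
    if (!cmd)
        return NULL;
    cmd->opcode = opcode;
    cmd->powered = powered;
    cmd->next = hdev->pending;
    hdev->pending = cmd;
    return cmd;
}

/* Stand-in for a pending-command lookup by opcode. */
struct pending_cmd *pending_find(struct hci_dev_model *hdev, unsigned int opcode)
{
    struct pending_cmd *cmd;
    for (cmd = hdev->pending; cmd; cmd = cmd->next)
        if (cmd->opcode == opcode)
            return cmd;
    return NULL;
}

/* Stand-in for the power-off path: every pending command is answered and
 * freed, regardless of whether deferred work for it is still queued. */
void dev_close(struct hci_dev_model *hdev)
{
    struct pending_cmd *cmd = hdev->pending;
    while (cmd) {
        struct pending_cmd *next = cmd->next;
        free(cmd);
        cmd = next;
    }
    hdev->pending = NULL;
    hdev->powered = 0;
}

/* Vulnerable shape: the deferred work trusts the pointer captured when it
 * was queued. If dev_close() ran first, this reads freed memory (the
 * pattern KASAN flagged). Shown for contrast only; never run after close. */
int set_powered_work_unsafe(struct hci_dev_model *hdev, struct pending_cmd *cmd)
{
    hdev->powered = cmd->powered;
    hdev->work_done++;
    return 0;
}

/* Hardened shape: re-validate the command against the pending list (in the
 * kernel this would happen under the device lock) and bail out if it has
 * already been completed and freed. */
int set_powered_work_safe(struct hci_dev_model *hdev, unsigned int opcode)
{
    struct pending_cmd *cmd = pending_find(hdev, opcode);
    if (!cmd)
        return -ECANCELED;       /* command gone: touch nothing */
    hdev->powered = cmd->powered;
    hdev->work_done++;
    return 0;
}

/* Scenario 1: device closed before the deferred work runs.
 * Returns the callback's result: -ECANCELED, with no freed-memory read. */
int scenario_close_before_work(void)
{
    struct hci_dev_model hdev = {0};
    pending_add(&hdev, OP_SET_POWERED, 1);
    dev_close(&hdev);            /* frees the pending command */
    return set_powered_work_safe(&hdev, OP_SET_POWERED);
}

/* Scenario 2: the work runs while the command is still pending.
 * Returns 1 if the callback succeeded and applied the requested state. */
int scenario_work_runs_first(void)
{
    struct hci_dev_model hdev = {0};
    pending_add(&hdev, OP_SET_POWERED, 1);
    int rc = set_powered_work_safe(&hdev, OP_SET_POWERED);
    int ok = (rc == 0 && hdev.powered == 1 && hdev.work_done == 1);
    dev_close(&hdev);            /* release the command */
    return ok;
}
```

The safe variant is the one a reviewer would expect wherever a work item holds a raw pointer to an object that another path is allowed to free: either the work re-looks the object up by identity under the same lock the freeing path holds, or the object is reference-counted so the free cannot complete while work still holds it.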

Potential Impact

For European organizations, this vulnerability poses a significant risk, especially for those relying on Linux-based systems with Bluetooth enabled, including servers, desktops, embedded devices, and IoT infrastructure. The potential impacts include unauthorized privilege escalation, allowing attackers to gain root-level access, which could lead to data breaches, system manipulation, or persistent backdoors. Additionally, the vulnerability can cause kernel panics and system crashes, resulting in denial of service and operational disruptions. Organizations in sectors such as finance, healthcare, manufacturing, and critical infrastructure that use Linux extensively are particularly at risk. The Bluetooth component is often enabled by default or used for device management, increasing the attack surface. Given the local attack vector, insider threats or attackers with an initial foothold could leverage this vulnerability to escalate privileges and move laterally within networks. The high severity and broad impact on confidentiality, integrity, and availability make this a critical issue for European enterprises to address promptly to maintain security and compliance with data protection regulations.

Mitigation Recommendations

1. Immediate application of the official Linux kernel patches that address CVE-2024-53208 is essential. Organizations should prioritize updating all affected Linux systems to the latest kernel versions containing the fix.
2. Disable Bluetooth functionality on Linux systems where it is not required to reduce the attack surface.
3. Implement strict access controls and monitoring on systems with Bluetooth enabled to detect unusual activity or attempts to exploit kernel vulnerabilities.
4. Employ kernel hardening techniques such as enabling Kernel Address Sanitizer (KASAN) in testing environments to detect similar issues early.
5. Use security modules like SELinux or AppArmor to restrict the capabilities of processes interacting with Bluetooth subsystems.
6. Conduct regular vulnerability scanning and penetration testing focused on kernel and Bluetooth components to identify potential exploitation attempts.
7. For critical systems, consider network segmentation and limiting local user privileges to minimize the risk of local exploitation.
8. Maintain an incident response plan that includes steps for kernel-level compromise scenarios to ensure rapid containment and recovery.


Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2024-11-19T17:17:25.020Z
CISA Enriched: true
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 682d9823c4522896dcbdef2f

Added to database: 5/21/2025, 9:08:51 AM

Last enriched: 7/2/2025, 10:58:08 PM

Last updated: 8/6/2025, 8:29:08 PM

