CVE-2024-58013: Vulnerability in Linux (Linux kernel)
Description
In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: MGMT: Fix slab-use-after-free Read in mgmt_remove_adv_monitor_sync

This fixes the following crash:

==================================================================
BUG: KASAN: slab-use-after-free in mgmt_remove_adv_monitor_sync+0x3a/0xd0 net/bluetooth/mgmt.c:5543
Read of size 8 at addr ffff88814128f898 by task kworker/u9:4/5961

CPU: 1 UID: 0 PID: 5961 Comm: kworker/u9:4 Not tainted 6.12.0-syzkaller-10684-gf1cd565ce577 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
Workqueue: hci0 hci_cmd_sync_work
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120
 print_address_description mm/kasan/report.c:378 [inline]
 print_report+0x169/0x550 mm/kasan/report.c:489
 kasan_report+0x143/0x180 mm/kasan/report.c:602
 mgmt_remove_adv_monitor_sync+0x3a/0xd0 net/bluetooth/mgmt.c:5543
 hci_cmd_sync_work+0x22b/0x400 net/bluetooth/hci_sync.c:332
 process_one_work kernel/workqueue.c:3229 [inline]
 process_scheduled_works+0xa63/0x1850 kernel/workqueue.c:3310
 worker_thread+0x870/0xd30 kernel/workqueue.c:3391
 kthread+0x2f0/0x390 kernel/kthread.c:389
 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
 </TASK>

Allocated by task 16026:
 kasan_save_stack mm/kasan/common.c:47 [inline]
 kasan_save_track+0x3f/0x80 mm/kasan/common.c:68
 poison_kmalloc_redzone mm/kasan/common.c:377 [inline]
 __kasan_kmalloc+0x98/0xb0 mm/kasan/common.c:394
 kasan_kmalloc include/linux/kasan.h:260 [inline]
 __kmalloc_cache_noprof+0x243/0x390 mm/slub.c:4314
 kmalloc_noprof include/linux/slab.h:901 [inline]
 kzalloc_noprof include/linux/slab.h:1037 [inline]
 mgmt_pending_new+0x65/0x250 net/bluetooth/mgmt_util.c:269
 mgmt_pending_add+0x36/0x120 net/bluetooth/mgmt_util.c:296
 remove_adv_monitor+0x102/0x1b0 net/bluetooth/mgmt.c:5568
 hci_mgmt_cmd+0xc47/0x11d0 net/bluetooth/hci_sock.c:1712
 hci_sock_sendmsg+0x7b8/0x11c0 net/bluetooth/hci_sock.c:1832
 sock_sendmsg_nosec net/socket.c:711 [inline]
 __sock_sendmsg+0x221/0x270 net/socket.c:726
 sock_write_iter+0x2d7/0x3f0 net/socket.c:1147
 new_sync_write fs/read_write.c:586 [inline]
 vfs_write+0xaeb/0xd30 fs/read_write.c:679
 ksys_write+0x18f/0x2b0 fs/read_write.c:731
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Freed by task 16022:
 kasan_save_stack mm/kasan/common.c:47 [inline]
 kasan_save_track+0x3f/0x80 mm/kasan/common.c:68
 kasan_save_free_info+0x40/0x50 mm/kasan/generic.c:582
 poison_slab_object mm/kasan/common.c:247 [inline]
 __kasan_slab_free+0x59/0x70 mm/kasan/common.c:264
 kasan_slab_free include/linux/kasan.h:233 [inline]
 slab_free_hook mm/slub.c:2338 [inline]
 slab_free mm/slub.c:4598 [inline]
 kfree+0x196/0x420 mm/slub.c:4746
 mgmt_pending_foreach+0xd1/0x130 net/bluetooth/mgmt_util.c:259
 __mgmt_power_off+0x183/0x430 net/bluetooth/mgmt.c:9550
 hci_dev_close_sync+0x6c4/0x11c0 net/bluetooth/hci_sync.c:5208
 hci_dev_do_close net/bluetooth/hci_core.c:483 [inline]
 hci_dev_close+0x112/0x210 net/bluetooth/hci_core.c:508
 sock_do_ioctl+0x158/0x460 net/socket.c:1209
 sock_ioctl+0x626/0x8e0 net/socket.c:1328
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:906 [inline]
 __se_sys_ioctl+0xf5/0x170 fs/ioctl.c:892
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
AI Analysis
Technical Summary
CVE-2024-58013 is a high-severity use-after-free (CWE-416) in the Linux kernel's Bluetooth management (MGMT) subsystem, in the function mgmt_remove_adv_monitor_sync in net/bluetooth/mgmt.c. The object involved is the pending management command created when a Remove Advertisement Monitor request is processed. The KASAN report above shows its lifecycle: it is allocated by mgmt_pending_add() from remove_adv_monitor() on the hci_sock_sendmsg() path, freed by mgmt_pending_foreach() when __mgmt_power_off() runs during hci_dev_close(), and then read again by mgmt_remove_adv_monitor_sync() executing from the hci_cmd_sync_work workqueue. The stale read crashes the kernel (denial of service); because a freed slab object can be reallocated for other data, a local, low-privileged attacker could potentially use the corrupted memory state to escalate privileges or execute code in kernel context. The CVSS 3.1 base score of 7.8 reflects high impact on confidentiality, integrity and availability, with a local attack vector, low privileges required and no user interaction. The flaw affects Linux kernel versions prior to the patch and is relevant to any system with Bluetooth functionality enabled. No exploits are currently reported in the wild, but the nature and impact of the bug warrant prompt remediation.
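The lifecycle in the trace, as a constructed C model added here (not kernel code and not the upstream fix): pending_add, power_off, pending_valid, remove_adv_monitor_sync_checked and run are placeholder names, and re-validating a raw pointer against the pending list before deferred work dereferences it is one defensive pattern for this class of bug, shown next to a comment describing the unchecked shape the report flags.

```c
/* Constructed model of the lifecycle in the KASAN report above; placeholder names. */
#include <errno.h>
#include <stdlib.h>
#include <string.h>
struct pending_cmd { struct pending_cmd *next; unsigned char param[8]; };
struct hdev { struct pending_cmd *pending; };   /* stands in for mgmt_pending */

/* mgmt_pending_add() analogue: allocate a command and link it on the list. */
static struct pending_cmd *pending_add(struct hdev *h, const void *p, size_t n) {
    struct pending_cmd *cmd = calloc(1, sizeof(*cmd));
    if (!cmd) return NULL;
    memcpy(cmd->param, p, n < sizeof(cmd->param) ? n : sizeof(cmd->param));
    cmd->next = h->pending;
    h->pending = cmd;
    return cmd;
}

/* __mgmt_power_off() analogue: mgmt_pending_foreach() frees every pending
 * command, unaware that a queued work item still holds a raw pointer to one. */
static void power_off(struct hdev *h) {
    for (struct pending_cmd *c = h->pending, *n; c; c = n) { n = c->next; free(c); }
    h->pending = NULL;
}

/* A pointer handed to deferred work is only safe while it is still linked. */
static int pending_valid(const struct hdev *h, const struct pending_cmd *cmd) {
    for (const struct pending_cmd *c = h->pending; c; c = c->next)
        if (c == cmd) return 1;
    return 0;
}

/* Hardened shape; the shape KASAN flags at mgmt.c:5543 lacks the pending_valid() check. */
static int remove_adv_monitor_sync_checked(struct hdev *h, void *data) {
    struct pending_cmd *cmd = data;
    if (!pending_valid(h, cmd))
        return -ECANCELED;                 /* torn down meanwhile; do nothing */
    return cmd->param[0];                  /* constructed: the monitor handle */
}

/* power_off_first=1 reproduces the ordering in the trace; 0 is the benign one. */
static int run(int power_off_first) {
    struct hdev h = { 0 };
    unsigned char handle[] = { 0x2a };     /* constructed command payload */
    struct pending_cmd *cmd = pending_add(&h, handle, sizeof(handle));
    if (power_off_first) power_off(&h);
    int r = remove_adv_monitor_sync_checked(&h, cmd);
    power_off(&h);                         /* frees whatever is still pending */
    return r;                              /* 0x2a, or -ECANCELED after the race */
}
```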
Potential Impact
For European organizations, the risk is greatest on Linux systems with Bluetooth enabled, such as enterprise servers, IoT devices, embedded systems and workstations. Exploitation could crash the kernel and deny service, disrupting the operations that depend on the affected host. More seriously, a local attacker or an already compromised process could use it to escalate to kernel privileges, leading to full system compromise, data breaches or persistent malware installation. This matters most for sectors handling sensitive data or operating critical infrastructure, such as finance, healthcare, manufacturing and government agencies. Cloud service providers and data centres running Linux on virtualized or physical hardware with Bluetooth capability could also see the availability and confidentiality of hosted services affected. Given how widely Linux is used across European industry and the growing number of Bluetooth-enabled devices, the exposed surface is broad. The absence of known exploits leaves a window for mitigation, but the high severity score means the fix should be treated as a priority.
Mitigation Recommendations
European organizations should implement the following mitigation steps:
1) Apply the official Linux kernel patches that address CVE-2024-58013 as soon as they are available from trusted sources or Linux distribution vendors.
2) Where patching is delayed, disable Bluetooth on critical systems that do not need it, reducing the attack surface.
3) Apply strict access controls and monitoring on Bluetooth-enabled systems to detect suspicious local activity or unauthorized Bluetooth management commands.
4) Use kernel hardening and debugging features such as the Kernel Address Sanitizer (KASAN) in test environments to catch similar memory-corruption bugs proactively.
5) Keep Linux kernels and Bluetooth stack components updated to incorporate security fixes.
6) In cloud and virtualized environments, ensure hypervisor and host OS security policies prevent untrusted local code execution.
7) Audit Bluetooth usage and privilege separation to minimize the risk of local privilege escalation.
8) Make system administrators aware of the risks of local exploits and the importance of timely patching.
These measures focus on Bluetooth subsystem controls, kernel patch management and local privilege containment rather than generic advice.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Italy, Spain, Poland, Belgium
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2025-02-27T02:10:48.227Z
- Cisa Enriched: true
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 682d9823c4522896dcbdecfd
Added to database: 5/21/2025, 9:08:51 AM
Last enriched: 7/2/2025, 10:40:11 PM
Last updated: 8/17/2025, 11:47:56 PM