CVE-2024-26801: Bluetooth: Avoid potential use-after-free in hci_error_reset
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: Avoid potential use-after-free in hci_error_reset
The Linux kernel CVE team has assigned CVE-2024-26801 to this issue.
Upstream advisory: https://lore.kernel.org/linux-cve-announce/2024040403-CVE-2024-26801-da9f@gregkh/T
Other sources
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: Avoid potential use-after-free in hci_error_reset
While handling the HCI_EV_HARDWARE_ERROR event, if the underlying BT controller is not responding, the GPIO reset mechanism would free the hci_dev and lead to a use-after-free in hci_error_reset.
Here's the call trace observed on a ChromeOS device with Intel AX201:
    queue_work_on+0x3e/0x6c
    __hci_cmd_sync_sk+0x2ee/0x4c0 [bluetooth ]
    ? init_wait_entry+0x31/0x31
    __hci_cmd_sync+0x16/0x20 [bluetooth ]
    hci_error_reset+0x4f/0xa4 [bluetooth ]
    process_one_work+0x1d8/0x33f
    worker_thread+0x21b/0x373
    kthread+0x13a/0x152
    ? pr_cont_work+0x54/0x54
    ? kthread_blkcg+0x31/0x31
    ret_from_fork+0x1f/0x30
This patch holds the reference count on the hci_dev while processing a HCI_EV_HARDWARE_ERROR event to avoid potential crash.
— IBM
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: Avoid potential use-after-free in hci_error_reset
While handling the HCI_EV_HARDWARE_ERROR event, if the underlying BT controller is not responding, the GPIO reset mechanism would free the hci_dev and lead to a use-after-free in hci_error_reset.
Here's the call trace observed on a ChromeOS device with Intel AX201:
    queue_work_on+0x3e/0x6c
    __hci_cmd_sync_sk+0x2ee/0x4c0 [bluetooth <HASH:3b4a6>]
    ? init_wait_entry+0x31/0x31
    __hci_cmd_sync+0x16/0x20 [bluetooth <HASH:3b4a 6>]
    hci_error_reset+0x4f/0xa4 [bluetooth <HASH:3b4a 6>]
    process_one_work+0x1d8/0x33f
    worker_thread+0x21b/0x373
    kthread+0x13a/0x152
    ? pr_cont_work+0x54/0x54
    ? kthread_blkcg+0x31/0x31
    ret_from_fork+0x1f/0x30
This patch holds the reference count on the hci_dev while processing a HCI_EV_HARDWARE_ERROR event to avoid potential crash.
— NVD
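The reference-holding pattern described in the advisory text above, as a user-space C model added here (it is not the kernel patch or kernel code). `struct dev_model`, `dev_hold`, `dev_put`, `dev_use` and `gpio_reset_drops_owner_ref` are hypothetical stand-ins, and release is recorded in a flag instead of freeing memory so the model itself stays memory-safe.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed stand-in for the device object: a refcount plus bookkeeping. */
struct dev_model {
    int  refcnt;
    bool freed;               /* set where the real object would be freed */
    int  touched_after_free;  /* accesses made after release */
};

static void dev_hold(struct dev_model *d) { d->refcnt++; }

static void dev_put(struct dev_model *d)
{
    if (--d->refcnt == 0)
        d->freed = true;
}

/* Every access the handler makes to the device goes through here. */
static void dev_use(struct dev_model *d)
{
    if (d->freed)
        d->touched_after_free++;
}

/* Models the unresponsive-controller path: the reset drops the owner's reference. */
static void gpio_reset_drops_owner_ref(struct dev_model *d) { dev_put(d); }

/* Returns how many times the handler touched the device after it was released. */
static int run_error_reset(bool hold_ref)
{
    struct dev_model d = { .refcnt = 1 };   /* the owner's reference */

    if (hold_ref)
        dev_hold(&d);                /* the fix: pin the device for the handler */
    dev_use(&d);                     /* handler starts working on the device */
    gpio_reset_drops_owner_ref(&d);  /* controller not responding, reset path runs */
    dev_use(&d);                     /* handler keeps using the device */
    if (hold_ref)
        dev_put(&d);                 /* handler's reference is released last */
    return d.touched_after_free;
}

int main(void)
{
    printf("without hold: %d stale access(es)\n", run_error_reset(false));
    printf("with hold:    %d stale access(es)\n", run_error_reset(true));
    return 0;
}
```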
Frequently Asked Questions
What is the severity of CVE-2024-26801?
CVE-2024-26801 has been classified as a high severity vulnerability affecting the Linux kernel.
How do I fix CVE-2024-26801?
To mitigate CVE-2024-26801, users should upgrade to the corrected versions of the Linux kernel as specified in the advisory.
Which Linux kernel versions are affected by CVE-2024-26801?
CVE-2024-26801 affects multiple versions, including kernel versions prior to 4.19.309, 5.4.271, 5.10.212, 5.15.151, 6.1.81, and others.
Is there a workaround for CVE-2024-26801?
While the recommended solution is to upgrade, there may not be effective workarounds for CVE-2024-26801.
Where can I find more information about CVE-2024-26801?
Additional details regarding CVE-2024-26801 can typically be found in the official Linux kernel security advisories and release notes.