CVE-2024-50078— Bluetooth: Call iso_exit() on module unload
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2024-50078
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Bluetooth: Call iso_exit() on module unload
Source: NVD (National Vulnerability Database)
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Call iso_exit() on module unload If iso_init() has been called, iso_exit() must be called on module unload. Without that, the struct proto that iso_init() registered with proto_register() becomes invalid, which could cause unpredictable problems later. In my case, with CONFIG_LIST_HARDENED and CONFIG_BUG_ON_DATA_CORRUPTION enabled, loading the module again usually triggers this BUG(): list_add corruption. next->prev should be prev (ffffffffb5355fd0), but was 0000000000000068. (next=ffffffffc0a010d0). ------------[ cut here ]------------ kernel BUG at lib/list_debug.c:29! Oops: invalid opcode: 0000 [#1] PREEMPT SMP PTI CPU: 1 PID: 4159 Comm: modprobe Not tainted 6.10.11-4+bt2-ao-desktop #1 RIP: 0010:__list_add_valid_or_report+0x61/0xa0 ... __list_add_valid_or_report+0x61/0xa0 proto_register+0x299/0x320 hci_sock_init+0x16/0xc0 [bluetooth] bt_init+0x68/0xd0 [bluetooth] __pfx_bt_init+0x10/0x10 [bluetooth] do_one_initcall+0x80/0x2f0 do_init_module+0x8b/0x230 __do_sys_init_module+0x15f/0x190 do_syscall_64+0x68/0x110 ...
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Linux kernel 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在安全漏洞,该漏洞源于在模块卸载时未调用iso_exit函数,导致注册的struct proto变为无效。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2024-50078
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2024-50078
请登录查看更多情报信息。
Same Patch Batch · Linux · 2024-10-29 · 21 CVEs total
| CVE-2024-50077 | Bluetooth: ISO: Fix multiple init when debugfs is disabled | |
| CVE-2024-50068 | mm/damon/tests/sysfs-kunit.h: fix memory leak in damon_sysfs_test_add_targets() | |
| CVE-2024-50069 | pinctrl: apple: check devm_kasprintf() returned value | |
| CVE-2024-50070 | pinctrl: stm32: check devm_kasprintf() returned value | |
| CVE-2024-50071 | pinctrl: nuvoton: fix a double free in ma35_pinctrl_dt_node_to_map_func() | |
| CVE-2024-50072 | x86/bugs: Use code segment selector for VERW operand | |
| CVE-2024-50073 | tty: n_gsm: Fix use-after-free in gsm_cleanup_mux | |
| CVE-2024-50074 | parport: Proper fix for array out-of-bounds access | |
| CVE-2024-50075 | xhci: tegra: fix checked USB2 port number | |
| CVE-2024-50076 | vt: prevent kernel-infoleak in con_font_get() | |
| CVE-2024-50088 | btrfs: fix uninitialized pointer free in add_inode_ref() | |
| CVE-2024-50079 | io_uring/sqpoll: ensure task state is TASK_RUNNING when running task_work | |
| CVE-2024-50080 | ublk: don't allow user copy for unprivileged device | |
| CVE-2024-50081 | blk-mq: setup queue ->tag_set before initializing hctx | |
| CVE-2024-50082 | blk-rq-qos: fix crash on rq_qos_wait vs. rq_qos_wake_function race | |
| CVE-2024-50083 | tcp: fix mptcp DSS corruption due to large pmtu xmit | |
| CVE-2024-50084 | net: microchip: vcap api: Fix memory leaks in vcap_api_encode_rule_test() | |
| CVE-2024-50085 | mptcp: pm: fix UaF read in mptcp_pm_nl_rm_addr_or_subflow | |
| CVE-2024-50086 | ksmbd: fix user-after-free from session log off | |
| CVE-2024-50087 | btrfs: fix uninitialized pointer free on read_alloc_one_name() error |
IV. Related Vulnerabilities
Same product: Linux
- CVE-2026-43500
rxrpc: Also unshare DATA/RESPONSE packets when paged frags a - CVE-2026-43475
scsi: storvsc: Fix scheduling while atomic on PREEMPT_RT - CVE-2026-43474
fs: init flags_valid before calling vfs_fileattr_get - CVE-2026-43473
scsi: mpi3mr: Add NULL checks when resetting request and rep - CVE-2026-43472
unshare: fix unshare_fs() handling
Same vendor: Linux
- CVE-2026-43500
rxrpc: Also unshare DATA/RESPONSE packets when paged frags a - CVE-2026-43475
scsi: storvsc: Fix scheduling while atomic on PREEMPT_RT - CVE-2026-43474
fs: init flags_valid before calling vfs_fileattr_get - CVE-2026-43473
scsi: mpi3mr: Add NULL checks when resetting request and rep - CVE-2026-43472
unshare: fix unshare_fs() handling
V. Comments for CVE-2024-50078
No comments yet