Security tracker / CVE-2024-49950

CVE-2024-49950

Bluetooth: L2CAP: Fix uaf in l2cap_connect

References

• Debian security tracker
• cve.org

Notes

 carnil> Introduced in 7b064edae38d ("Bluetooth: Fix authentication if acl data comes
 carnil> before remote feature evt"). Vulnerable versions: 3.8-rc6.

Bugs

Status

Branch	Status
upstream	released (6.12-rc2) [333b4fd11e89b29c84c269123f871883a30be586]
6.18-upstream-stable	N/A "Fixed before branching point"
6.17-upstream-stable	N/A "Fixed before branching point"
6.12-upstream-stable	N/A "Fixed before branching point"
6.11-upstream-stable	released (6.11.3) [a1c6174e23df10b8e5770e82d63bc6e2118a3dc7]
6.10-upstream-stable	released (6.10.14) [78d30ce16fdf9c301bcd8b83ce613cea079cea83]
6.6-upstream-stable	released (6.6.55) [b90907696c30172b809aa3dd2f0caffae761e4c6]
6.1-upstream-stable	released (6.1.118) [b22346eec479a30bfa4a02ad2c551b54809694d0]
5.10-upstream-stable	needed
sid	released (6.11.4-1)
6.12-trixie-security	N/A "Fixed before branching point"
6.1-bookworm-security	released (6.1.119-1)
5.10-bullseye-security	needed