CVE-2024-35965
📋 TL;DR
CVE-2024-35965 is a Linux kernel Bluetooth L2CAP vulnerability in which the kernel fails to validate the length of user input before copying data in setsockopt operations. This allows local attackers to trigger memory corruption or kernel crashes. Systems with Bluetooth enabled and running vulnerable Linux kernel versions are affected.
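The missing length check described above, as a user-space C model added here (it is not kernel source and not the upstream patch). `struct user_opt`, `unchecked_overread`, `checked_copy` and `set_u32_option` are hypothetical names, and the inputs are constructed.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the (optval, optlen) pair a setsockopt handler gets. */
struct user_opt {
    const void *buf;  /* caller-controlled buffer */
    size_t len;       /* caller-controlled length (optlen) */
};

/* Unvalidated pattern: copy dst_size bytes whatever optlen says. Modelled without
 * doing the copy; returns how many bytes would be read past the caller's buffer. */
static size_t unchecked_overread(size_t dst_size, struct user_opt src)
{
    return dst_size > src.len ? dst_size - src.len : 0;
}

/* Validated pattern: refuse input shorter than the object being filled. */
static int checked_copy(void *dst, size_t dst_size, struct user_opt src)
{
    if (src.buf == NULL || src.len < dst_size)
        return -EINVAL;
    memcpy(dst, src.buf, dst_size);
    return 0;
}

/* Model handler for a 32-bit option; *out is untouched when input is rejected. */
static int set_u32_option(struct user_opt src, uint32_t *out)
{
    uint32_t val;
    int err = checked_copy(&val, sizeof(val), src);

    if (!err)
        *out = val;
    return err;
}

int main(void)
{
    uint8_t one = 1;                /* constructed 1-byte input */
    uint32_t stored = 0;
    struct user_opt short_opt = { &one, sizeof(one) };

    printf("unchecked: %zu bytes past the buffer\n",
           unchecked_overread(sizeof(stored), short_opt));
    printf("checked: %d\n", set_u32_option(short_opt, &stored));
    return 0;
}
```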
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Local privilege escalation to root, kernel panic causing system crash, or arbitrary code execution in kernel context.
Likely Case
Local denial of service (kernel crash/panic) or information disclosure through memory corruption.
If Mitigated
Minimal impact if Bluetooth is disabled or proper access controls restrict local user privileges.
🎯 Exploit Status
Requires local access and ability to call setsockopt on Bluetooth sockets. Exploitation would require crafting specific input to trigger memory corruption.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Patches available in stable kernel trees (commits referenced in CVE). Check specific distribution kernel versions.
Vendor Advisory: https://git.kernel.org/stable/c/28234f8ab69c522ba447f3e041bbfbb284c5959a
Restart Required: Yes
Instructions:
1. Update the Linux kernel to the patched version from your distribution.
2. For RHEL/CentOS: yum update kernel
3. For Ubuntu/Debian: apt update && apt upgrade linux-image-*
4. Reboot the system to load the new kernel.
🔧 Temporary Workarounds
Disable Bluetooth
Completely disable Bluetooth functionality to prevent exploitation
systemctl stop bluetooth
systemctl disable bluetooth
rfkill block bluetooth
Restrict Bluetooth socket access
Use SELinux/AppArmor to restrict which users can access Bluetooth sockets
# Configure SELinux/AppArmor policies to restrict Bluetooth socket access
🧯 If You Can't Patch
- Disable Bluetooth functionality completely
- Restrict local user access and implement strict privilege separation
🔍 How to Verify
Check if Vulnerable:
Check kernel version and compare with distribution security advisories. Check if Bluetooth is enabled: systemctl status bluetooth
Check Version:
uname -r
Verify Fix Applied:
Verify kernel version after update matches patched version from distribution. Check that Bluetooth functionality still works if needed.
📡 Detection & Monitoring
Log Indicators:
- Kernel panic logs
- Bluetooth subsystem crashes in dmesg
- Unexpected Bluetooth socket operations from non-privileged users
Network Indicators:
- None - local exploit only
SIEM Query:
Search for: 'kernel panic' OR 'Oops' OR 'segfault' in system logs from Bluetooth-related processes
🔗 References
- https://git.kernel.org/stable/c/28234f8ab69c522ba447f3e041bbfbb284c5959a
- https://git.kernel.org/stable/c/4f3951242ace5efc7131932e2e01e6ac6baed846
- https://git.kernel.org/stable/c/8ee0c132a61df9723813c40e742dc5321824daa9
- https://git.kernel.org/stable/c/9d42f373391211c7c8af66a3a316533a32b8a607
- https://git.kernel.org/stable/c/f13b04cf65a86507ff15a9bbf37969d25be3e2a0
- https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html