CVE-2024-35967
📋 TL;DR
CVE-2024-35967 is a Linux kernel Bluetooth SCO socket vulnerability in which the kernel fails to validate the length of user input in setsockopt calls, allowing out-of-bounds memory reads. It affects any system running a vulnerable Linux kernel version with Bluetooth functionality enabled. Attackers could potentially read kernel memory or cause denial of service.
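The missing length check described above, shown as an added userspace model beside its hardened form. This is not kernel code and not taken from the fix commits; the function names and the sample bytes are constructed for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Userspace model with hypothetical names; not kernel code. */
typedef int (*copy_fn)(void *dst, size_t dst_size, const void *src, size_t src_len);

/* Vulnerable pattern: copies a fixed size and never consults the declared length. */
static int copy_opt_unchecked(void *dst, size_t dst_size, const void *src, size_t src_len)
{
    (void)src_len;
    memcpy(dst, src, dst_size);
    return 0;
}

/* Hardened pattern: an option shorter than the destination object is rejected. */
static int copy_opt_checked(void *dst, size_t dst_size, const void *src, size_t src_len)
{
    if (src_len < dst_size)
        return -EINVAL;
    memcpy(dst, src, dst_size);
    return 0;
}

/* Constructed sample: byte 0 is a 1-byte option, bytes 1..3 model adjacent memory. */
static const uint8_t arena[4] = { 0x01, 0xAA, 0xBB, 0xCC };

/* Counts bytes beyond declared_len that ended up in the 4-byte option value. */
static int leaked_bytes(copy_fn copy, size_t declared_len, int *rc)
{
    uint8_t opt[sizeof(uint32_t)] = { 0 };
    int leaked = 0;
    *rc = copy(opt, sizeof(opt), arena, declared_len);
    for (size_t i = declared_len; i < sizeof(opt); i++)
        leaked += (opt[i] == arena[i]);
    return leaked;
}

int main(void)
{
    int rc, n;
    n = leaked_bytes(copy_opt_unchecked, 1, &rc);
    printf("unchecked: rc=%d, bytes past optlen copied=%d\n", rc, n);
    n = leaked_bytes(copy_opt_checked, 1, &rc);
    printf("checked:   rc=%d, bytes past optlen copied=%d\n", rc, n);
    return 0;
}
```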
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Kernel memory disclosure leading to information leakage, privilege escalation, or system crash/panic.
Likely Case
Denial of service through kernel panic or system instability when malicious input triggers the out-of-bounds read.
If Mitigated
Minimal impact if Bluetooth is disabled or systems are properly patched.
🎯 Exploit Status
Requires local access or ability to interact with Bluetooth sockets. Discovered via syzkaller fuzzing.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions containing fixes from the referenced git commits
Vendor Advisory: https://git.kernel.org/stable/c/2c2dc87cdebef3fe3b9d7a711a984c70e376e32e
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version from your distribution.
2. For custom kernels, apply the fix commits.
3. Reboot system to load new kernel.
🔧 Temporary Workarounds
Disable Bluetooth
Completely disable the Bluetooth subsystem to prevent exploitation
sudo systemctl disable bluetooth
sudo systemctl stop bluetooth
sudo rmmod btusb bluetooth
Blacklist Bluetooth modules
Prevent Bluetooth kernel modules from loading
echo 'blacklist bluetooth' | sudo tee /etc/modprobe.d/disable-bluetooth.conf
echo 'blacklist btusb' | sudo tee -a /etc/modprobe.d/disable-bluetooth.conf
🧯 If You Can't Patch
- Disable Bluetooth functionality completely using workaround commands
- Restrict local user access to systems and monitor for suspicious Bluetooth socket operations
🔍 How to Verify
Check if Vulnerable:
Check kernel version and if Bluetooth is enabled: uname -r && systemctl status bluetooth
Check Version:
uname -r
Verify Fix Applied:
Verify kernel version is updated beyond vulnerable commits and Bluetooth is either disabled or patched
📡 Detection & Monitoring
Log Indicators:
- Kernel panic logs
- KASAN out-of-bounds read warnings in dmesg
- Bluetooth socket error messages
Network Indicators:
- Unusual Bluetooth socket operations from unexpected processes
SIEM Query:
source="kernel" AND ("KASAN" OR "slab-out-of-bounds" OR "sco_sock")
🔗 References
- https://git.kernel.org/stable/c/2c2dc87cdebef3fe3b9d7a711a984c70e376e32e
- https://git.kernel.org/stable/c/419a0ffca7010216f0fc265b08558d7394fa0ba7
- https://git.kernel.org/stable/c/51eda36d33e43201e7a4fd35232e069b2c850b01
- https://git.kernel.org/stable/c/72473db90900da970a16ee50ad23c2c38d107d8c
- https://git.kernel.org/stable/c/7bc65d23ba20dcd7ecc094a12c181e594e5eb315
- https://git.kernel.org/stable/c/b0e30c37695b614bee69187f86eaf250e36606ce
- https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html