CVE-2024-36012

7.8 HIGH

📋 TL;DR

A use-after-free vulnerability in the Linux kernel's Bluetooth Microsoft extension (msft) allows local attackers to potentially crash the system or execute arbitrary code. The vulnerability occurs when msft_do_close() accesses freed memory after msft_unregister() has already deallocated it. This affects Linux systems with Bluetooth functionality enabled.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Kernel versions with the vulnerable msft Bluetooth code (specific versions not provided in CVE, but patches exist for multiple stable branches)
Operating Systems: Linux distributions with vulnerable kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Requires Bluetooth functionality to be enabled and the Microsoft extension to be in use.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴 Worst Case

Local privilege escalation to kernel-level code execution, leading to complete system compromise.

🟠 Likely Case

Kernel panic or system crash causing denial of service.

🟢 If Mitigated

Limited impact if Bluetooth is disabled or the system has proper kernel hardening protections.

🌐 Internet-Facing: LOW - Requires local access to the system.
🏢 Internal Only: MEDIUM - Local attackers on multi-user systems could exploit this vulnerability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access and knowledge of how to trigger the specific race condition between msft_do_close() and msft_unregister().

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Multiple stable kernel versions with commits: 10f9f426ac6e752c8d87bf4346930ba347aaabac, 4f1de02de07748da80a8178879bc7a1df37fdf56, a85a60e62355e3bf4802dead7938966824b23940, e3880b531b68f98d3941d83f2f6dd11cf4fd6b76

Vendor Advisory: https://git.kernel.org/stable/c/10f9f426ac6e752c8d87bf4346930ba347aaabac

Restart Required: Yes

Instructions:

1. Update Linux kernel to a patched version.
2. Check your distribution's security advisories for specific package updates.
3. Reboot the system after kernel update.

🔧 Temporary Workarounds

Disable Bluetooth

linux

Disable Bluetooth functionality to prevent exploitation of the vulnerable code path.

sudo systemctl stop bluetooth
sudo systemctl disable bluetooth
sudo rfkill block bluetooth

🧯 If You Can't Patch

  • Disable Bluetooth functionality completely
  • Implement strict access controls to limit local user privileges

🔍 How to Verify

Check if Vulnerable:

Check kernel version and verify if it includes the vulnerable msft code. Examine /proc/version or use uname -r and compare with distribution security advisories.

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version after update matches patched versions. Check that Bluetooth functions normally without crashes.

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic messages
  • KASAN reports of slab-use-after-free in msft_do_close()
  • Bluetooth subsystem crashes

Network Indicators:

  • None - this is a local vulnerability

SIEM Query:

search ('kernel panic' OR 'KASAN' OR 'slab-use-after-free') AND ('msft' OR 'Bluetooth')
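
The same indicators can be triaged directly from the kernel log on a host without a SIEM. The script below is an added example, not part of the original advisory or of any vendor tooling; the function names scan_msft_uaf and sample_log and the sample log lines are constructed for illustration. It groups the terms as (crash term) AND (Bluetooth term), so an unrelated KASAN report does not match, and it ranks a KASAN slab-use-after-free report that names msft_do_close() above the weaker keyword matches.

```bash
#!/usr/bin/env bash
# Added example: triage kernel log lines for the indicators listed above.
# Real use (assumes a readable kernel log): journalctl -k --no-pager | scan_msft_uaf

# Constructed sample lines; addresses and offsets are placeholders, not real output.
sample_log() {
cat <<'EOF'
[  101.000001] Bluetooth: hci0: constructed informational message
[  245.120034] BUG: KASAN: slab-use-after-free in msft_do_close+0x0/0x0
[  245.120101] Read of size 8 at addr ffff000000000000 by task kworker/u5:0/42
[  300.500000] usb 1-1: new high-speed USB device number 3 using xhci_hcd
[  410.000010] Kernel panic - not syncing: constructed Bluetooth failure
[  500.000000] BUG: KASAN: slab-use-after-free in unrelated_func+0x0/0x0
EOF
}

# Reads log lines on stdin and prints "<severity><TAB><line>" for each hit.
# HIGH   = KASAN slab-use-after-free report naming msft_do_close
# MEDIUM = any crash term together with a Bluetooth/msft term on the same line
# Exit status is 0 when at least one line matched, 1 otherwise.
scan_msft_uaf() {
  awk '
    {
      l     = tolower($0)
      crash = (l ~ /kernel panic|kasan|slab-use-after-free/)
      bt    = (l ~ /msft|bluetooth/)
      if (l ~ /kasan: slab-use-after-free in msft_do_close/) {
        print "HIGH\t" $0; hits++
      } else if (crash && bt) {
        print "MEDIUM\t" $0; hits++
      }
    }
    END { exit (hits > 0 ? 0 : 1) }
  '
}

# Demonstration on the constructed sample: one HIGH and one MEDIUM line.
sample_log | scan_msft_uaf
```

The unrelated KASAN line and the plain Bluetooth message are both ignored, which is the behaviour the grouped form of the query is meant to give.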
