CVE-2024-49950
📋 TL;DR
A use-after-free vulnerability in the Linux kernel's Bluetooth L2CAP implementation allows attackers to potentially execute arbitrary code or crash the system. This affects Linux systems with Bluetooth enabled, particularly those handling Bluetooth connections from untrusted devices.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Remote code execution leading to full system compromise, privilege escalation, or persistent access.
Likely Case
Kernel panic or system crash causing denial of service.
If Mitigated
No impact if Bluetooth is disabled or proper access controls prevent untrusted connections.
🎯 Exploit Status
Exploitation requires Bluetooth proximity and knowledge of the vulnerability. The KASAN report suggests it was found through fuzzing.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions containing fix commits: 333b4fd11e89b29c84c269123f871883a30be586, 686e05c9dbd68766c6bda5f31f7e077f36a7fb29, 78d30ce16fdf9c301bcd8b83ce613cea079cea83, a1c6174e23df10b8e5770e82d63bc6e2118a3dc7, b22346eec479a30bfa4a02ad2c551b54809694d0
Vendor Advisory: https://git.kernel.org/stable/c/333b4fd11e89b29c84c269123f871883a30be586
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing fix commits.
2. Reboot system.
3. Verify kernel version after reboot.
🔧 Temporary Workarounds
Disable Bluetooth
Linux: Completely disable Bluetooth functionality to prevent exploitation
sudo systemctl stop bluetooth
sudo systemctl disable bluetooth
sudo rfkill block bluetooth
Restrict Bluetooth Connections
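Linux: Configure Bluetooth to only accept connections from trusted devices. The 'btmgmt power off' command below powers the controller off entirely; restricting connections depends on the pairing/authentication settings.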
sudo btmgmt power off
Configure Bluetooth settings to require pairing/authentication
🧯 If You Can't Patch
- Disable Bluetooth completely on affected systems
- Implement network segmentation to isolate Bluetooth-enabled devices
🔍 How to Verify
Check if Vulnerable:
Check if Bluetooth is enabled and kernel version is vulnerable: 'systemctl status bluetooth' and 'uname -r'
Check Version:
uname -r
Verify Fix Applied:
Verify kernel version after update contains fix commits: 'uname -r' and check kernel changelog
📡 Detection & Monitoring
Log Indicators:
- Kernel panic logs
- Bluetooth connection failures
- System crashes related to l2cap_connect
Network Indicators:
- Unusual Bluetooth connection attempts
- Multiple failed Bluetooth pairing requests
SIEM Query:
(source="kernel" AND "KASAN" AND "use-after-free") OR (source="bluetooth" AND "l2cap_connect" AND error)
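A local equivalent of the log indicators above, as an added example that is not part of the original advisory: a shell function that reads kernel log text and prints the header of every KASAN use-after-free report that names l2cap_connect in its header or call trace. The sample log is constructed; its timestamps, offsets and example_* function names are made up.

```shell
#!/bin/sh
# Added example: list KASAN use-after-free reports that involve l2cap_connect.
# Feed it kernel log text on stdin, e.g. `dmesg | scan_l2cap_uaf`.
scan_l2cap_uaf() {
    awk '
        function emit() {              # print header of a matching report
            if (in_report && uaf && hit) print header
            in_report = 0; uaf = 0; hit = 0
        }
        /BUG: KASAN:/ {                # header line opens a report
            emit(); in_report = 1; header = $0
            uaf = ($0 ~ /use-after-free/)
            hit = ($0 ~ /l2cap_connect/)
            next
        }
        in_report && /==========/ { emit(); next }   # rule line closes it
        in_report && /l2cap_connect/ { hit = 1 }     # symbol in call trace
        END { emit() }
    '
}

# Constructed sample log: offsets and example_* names are made up.
sample_log() {
    cat <<'EOF'
[  101.01] ==================================================================
[  101.02] BUG: KASAN: slab-use-after-free in l2cap_connect+0x10/0x20
[  101.03]  l2cap_recv_frame+0x1/0x2
[  101.04] ==================================================================
[  202.01] ==================================================================
[  202.02] BUG: KASAN: slab-use-after-free in example_other+0x1/0x2
[  202.03]  example_caller+0x1/0x2
[  202.04] ==================================================================
[  303.01] Bluetooth: hci0: command tx timeout
[  404.01] ==================================================================
[  404.02] BUG: KASAN: slab-use-after-free in example_helper+0x1/0x2
[  404.03]  l2cap_connect+0x1/0x2
[  404.04] ==================================================================
[  505.01] ==================================================================
[  505.02] BUG: KASAN: slab-out-of-bounds in example_third+0x1/0x2
[  505.03]  l2cap_connect+0x1/0x2
[  505.04] ==================================================================
EOF
}

sample_log | scan_l2cap_uaf   # prints the 101.02 and 404.02 header lines
```

KASAN reports only appear on kernels built with KASAN enabled, so an empty result on a production kernel does not show that the system is unaffected.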
🔗 References
- https://git.kernel.org/stable/c/333b4fd11e89b29c84c269123f871883a30be586
- https://git.kernel.org/stable/c/686e05c9dbd68766c6bda5f31f7e077f36a7fb29
- https://git.kernel.org/stable/c/78d30ce16fdf9c301bcd8b83ce613cea079cea83
- https://git.kernel.org/stable/c/a1c6174e23df10b8e5770e82d63bc6e2118a3dc7
- https://git.kernel.org/stable/c/b22346eec479a30bfa4a02ad2c551b54809694d0
- https://git.kernel.org/stable/c/b90907696c30172b809aa3dd2f0caffae761e4c6
- https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html