CVE-2024-58013

7.8 HIGH

📋 TL;DR

This is a use-after-free vulnerability in the Linux kernel's Bluetooth management subsystem. It allows attackers with local access to potentially crash the kernel or execute arbitrary code by triggering a race condition during advertisement monitor removal. Systems running vulnerable Linux kernel versions with Bluetooth enabled are affected.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Specific vulnerable versions not explicitly stated in CVE, but references indicate fixes in stable kernel trees. Likely affects versions around 6.12.0 and earlier with the vulnerable code.
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Requires Bluetooth subsystem to be enabled and in use. Systems without Bluetooth hardware or with Bluetooth disabled are not vulnerable.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel panic leading to system crash or potential privilege escalation to kernel-level code execution, enabling full system compromise.

🟠

Likely Case

Kernel crash (denial of service) causing system instability or reboot, potentially disrupting Bluetooth functionality.

🟢

If Mitigated

Limited impact if Bluetooth is disabled or access controls restrict local user privileges.

🌐 Internet-Facing: LOW - Requires local access to the system; not directly exploitable over network.
🏢 Internal Only: MEDIUM - Local attackers or malicious users could exploit this to crash systems or potentially escalate privileges.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires local access and timing precision to trigger the race condition. The KASAN report suggests it was discovered through fuzzing (syzkaller).

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Patches available in stable kernel trees (commits: 0f3d05aacbfc, 26fbd3494a7d, 4ebbcb9bc794, 75e65b983c5e, ebb90f23f0ac)

Vendor Advisory: https://git.kernel.org/stable/c/0f3d05aacbfcf3584bbd9caaee34cb02508dab68

Restart Required: Yes

Instructions:

1. Update to a patched Linux kernel version from your distribution's repositories.
2. For custom kernels, apply the relevant patches from the stable kernel git tree.
3. Reboot the system to load the new kernel.

🔧 Temporary Workarounds

Disable Bluetooth

Linux

Completely disable Bluetooth functionality to eliminate the attack surface. Note that rmmod only unloads the modules named and refuses to remove bluetooth while other loaded modules (vendor helper drivers, bnep, rfcomm and the like) still depend on it, so confirm with lsmod | grep bluetooth afterwards that nothing remains loaded.

sudo systemctl stop bluetooth
sudo systemctl disable bluetooth
sudo rmmod btusb bluetooth

Restrict Bluetooth access

Linux

Use kernel module blacklisting to prevent Bluetooth modules from loading. A blacklist entry only suppresses automatic loading by alias; the module can still be pulled in as a dependency of another module or loaded explicitly with modprobe, so verify with lsmod | grep bluetooth after reboot. The update-initramfs step applies to Debian-family distributions; other distributions rebuild the initramfs with their own tool.

echo 'blacklist bluetooth' | sudo tee /etc/modprobe.d/disable-bluetooth.conf
sudo update-initramfs -u

🧯 If You Can't Patch

  • Disable Bluetooth functionality entirely if not needed
  • Implement strict access controls to limit local user privileges on affected systems

🔍 How to Verify

Check if Vulnerable:

Check the kernel version and whether Bluetooth is active: run uname -r, then systemctl status bluetooth or lsmod | grep bluetooth.

Check Version:

uname -r

Verify Fix Applied:

Verify that the running kernel has been updated to a patched version, and check that Bluetooth still works properly after patching.

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic messages in /var/log/kern.log or dmesg
  • KASAN reports mentioning mgmt_remove_adv_monitor_sync
  • System crashes or unexpected reboots

Network Indicators:

  • Sudden loss of Bluetooth connectivity

SIEM Query:

source="kernel" AND ("KASAN" OR "slab-use-after-free" OR "mgmt_remove_adv_monitor")
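A detection helper, added here as an example and not part of the original advisory, that applies the log indicators above to kernel log text: it mirrors the SIEM query term for term and parses KASAN "BUG:" headers and their access line into records, flagging only use-after-free reports whose crash site is the mgmt_remove_adv_monitor path. The sample log is constructed to follow the standard KASAN report layout and is not a real capture.

```python
import re

# Same three terms as the advisory's SIEM query; any one of them flags a line.
SIEM_TERMS = ("KASAN", "slab-use-after-free", "mgmt_remove_adv_monitor")

# KASAN header, e.g. "BUG: KASAN: slab-use-after-free in func+0x1d4/0x2a0"
BUG_RE = re.compile(r"BUG: KASAN: (?P<kind>[\w-]+) in (?P<func>\w+)\+0x[0-9a-f]+/0x[0-9a-f]+")
# Access line that follows it, e.g. "Read of size 8 at addr ffff... by task kworker/u9:0/55"
ACCESS_RE = re.compile(
    r"(?P<op>Read|Write) of size (?P<size>\d+) at addr (?P<addr>[0-9a-f]+) by task (?P<task>\S+)")


def siem_match(line):
    """Line-level equivalent of the advisory's SIEM query (OR of the three terms)."""
    return any(term in line for term in SIEM_TERMS)


def parse_kasan_reports(lines):
    """Turn KASAN 'BUG:' headers (plus their access line) into dicts.
    cve_related is True only for a use-after-free whose crash site is the
    mgmt_remove_adv_monitor* path named in this advisory's log indicators.
    """
    reports, current = [], None
    for line in lines:
        m = BUG_RE.search(line)
        if m:
            current = {"kind": m["kind"], "func": m["func"],
                       "op": None, "size": None, "task": None,
                       "cve_related": m["kind"].endswith("use-after-free")
                       and m["func"].startswith("mgmt_remove_adv_monitor")}
            reports.append(current)
            continue
        a = ACCESS_RE.search(line)
        if a and current is not None and current["op"] is None:
            current.update(op=a["op"], size=int(a["size"]), task=a["task"])
    return reports


# Constructed sample in the shape of a KASAN report; not a real capture.
SAMPLE_LOG = """\
[  120.002] BUG: KASAN: slab-use-after-free in mgmt_remove_adv_monitor_sync+0x1d4/0x2a0
[  120.003] Read of size 8 at addr ffff888011223344 by task kworker/u9:0/55
[  120.004] Call Trace:
[  120.005]  mgmt_remove_adv_monitor_sync+0x1d4/0x2a0
[  120.006]  hci_cmd_sync_work+0x1f0/0x3c0
[  130.000] BUG: KASAN: null-ptr-deref in other_driver_probe+0x10/0x40
[  130.001] Write of size 4 at addr 0000000000000008 by task modprobe/412
""".splitlines()

if __name__ == "__main__":
    for r in parse_kasan_reports(SAMPLE_LOG):
        print(r)
```

Feed it dmesg or /var/log/kern.log output line by line; only records with cve_related set correspond to the indicator named in this advisory, while other KASAN reports are still surfaced for triage.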
