{"api_version":"1","generated_at":"2026-06-03T09:12:23+00:00","cve":"CVE-2024-58009","urls":{"html":"https://cve.report/CVE-2024-58009","api":"https://cve.report/api/cve/CVE-2024-58009.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2024-58009","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2024-58009"},"summary":{"title":"Bluetooth: L2CAP: handle NULL sock pointer in l2cap_sock_alloc","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: handle NULL sock pointer in l2cap_sock_alloc\n\nA NULL sock pointer is passed into l2cap_sock_alloc() when it is called\nfrom l2cap_sock_new_connection_cb() and the error handling paths should\nalso be aware of it.\n\nSeemingly a more elegant solution would be to swap bt_sock_alloc() and\nl2cap_chan_create() calls since they are not interdependent to that moment\nbut then l2cap_chan_create() adds the soon to be deallocated and still\ndummy-initialized channel to the global list accessible by many L2CAP\npaths. The channel would be removed from the list in short period of time\nbut be a bit more straight-forward here and just check for NULL instead of\nchanging the order of function calls.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE static\nanalysis tool.","state":"PUBLISHED","assigner":"Linux","published_at":"2025-02-27 03:15:11","updated_at":"2026-05-12 13:16:26"},"problem_types":["CWE-476"],"metrics":[{"version":"3.1","source":"nvd@nist.gov","type":"Primary","score":"5.5","severity":"MEDIUM","vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"}}],"references":[{"url":"https://git.kernel.org/stable/c/691218a50c3139f7f57ffa79fb89d932eda9571e","name":"https://git.kernel.org/stable/c/691218a50c3139f7f57ffa79fb89d932eda9571e","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/49c0d55d59662430f1829ae85b969619573d0fa1","name":"https://git.kernel.org/stable/c/49c0d55d59662430f1829ae85b969619573d0fa1","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/5f397409f8ee5bc82901eeaf799e1cbc4f8edcf1","name":"https://git.kernel.org/stable/c/5f397409f8ee5bc82901eeaf799e1cbc4f8edcf1","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://cert-portal.siemens.com/productcert/html/ssa-265688.html","name":"https://cert-portal.siemens.com/productcert/html/ssa-265688.html","refsource":"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/297ce7f544aa675b0d136d788cad0710cdfb0785","name":"https://git.kernel.org/stable/c/297ce7f544aa675b0d136d788cad0710cdfb0785","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/a9a7672fc1a0fe18502493936ccb06413ab89ea6","name":"https://git.kernel.org/stable/c/a9a7672fc1a0fe18502493936ccb06413ab89ea6","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/8e605f580a97530e5a3583beea458a3fa4cbefbd","name":"https://git.kernel.org/stable/c/8e605f580a97530e5a3583beea458a3fa4cbefbd","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/245d48c1ba3e7a1779c2f4cbc6f581ddc8a78e22","name":"https://git.kernel.org/stable/c/245d48c1ba3e7a1779c2f4cbc6f581ddc8a78e22","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://lists.debian.org/debian-lts-announce/2025/03/msg00028.html","name":"https://lists.debian.org/debian-lts-announce/2025/03/msg00028.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/cf601a24120c674cd7c907ea695f92617af6abd0","name":"https://git.kernel.org/stable/c/cf601a24120c674cd7c907ea695f92617af6abd0","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2024-58009","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-58009","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected f6ad641646b67f29c7578dcd6c25813c7dcbf51e a9a7672fc1a0fe18502493936ccb06413ab89ea6 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected daa13175a6dea312a76099066cb4cbd4fc959a84 8e605f580a97530e5a3583beea458a3fa4cbefbd git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected a8677028dd5123e5e525b8195483994d87123de4 cf601a24120c674cd7c907ea695f92617af6abd0 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected bb2f2342a6ddf7c04f9aefbbfe86104cd138e629 297ce7f544aa675b0d136d788cad0710cdfb0785 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 8ad09ddc63ace3950ac43db6fbfe25b40f589dd6 245d48c1ba3e7a1779c2f4cbc6f581ddc8a78e22 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 61686abc2f3c2c67822aa23ce6f160467ec83d35 691218a50c3139f7f57ffa79fb89d932eda9571e git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 7c4f78cdb8e7501e9f92d291a7d956591bf73be9 49c0d55d59662430f1829ae85b969619573d0fa1 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 7c4f78cdb8e7501e9f92d291a7d956591bf73be9 5f397409f8ee5bc82901eeaf799e1cbc4f8edcf1 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 6.13","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.13 semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 5.4.291 5.4.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 5.10.235 5.10.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 5.15.179 5.15.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.1.129 6.1.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.6.78 6.6.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.12.14 6.12.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.13.3 6.13.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.14 * original_commit_for_fix","platforms":[]},{"source":"ADP","vendor":"Siemens","product":"SIMATIC S7-1500 TM MFP - GNU/Linux subsystem","version":"affected * custom","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2024","cve_id":"58009","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"linux","cpe5":"linux_kernel","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2025-11-03T19:33:22.791Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"url":"https://lists.debian.org/debian-lts-announce/2025/03/msg00028.html"}],"title":"CVE Program Container"},{"affected":[{"defaultStatus":"unknown","product":"SIMATIC S7-1500 TM MFP - GNU/Linux subsystem","vendor":"Siemens","versions":[{"lessThan":"*","status":"affected","version":"0","versionType":"custom"}]}],"providerMetadata":{"dateUpdated":"2026-05-12T12:01:51.321Z","orgId":"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e","shortName":"siemens-SADP"},"references":[{"url":"https://cert-portal.siemens.com/productcert/html/ssa-265688.html"}],"x_adpType":"supplier"}],"cna":{"affected":[{"defaultStatus":"unaffected","product":"Linux","programFiles":["net/bluetooth/l2cap_sock.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","vendor":"Linux","versions":[{"lessThan":"a9a7672fc1a0fe18502493936ccb06413ab89ea6","status":"affected","version":"f6ad641646b67f29c7578dcd6c25813c7dcbf51e","versionType":"git"},{"lessThan":"8e605f580a97530e5a3583beea458a3fa4cbefbd","status":"affected","version":"daa13175a6dea312a76099066cb4cbd4fc959a84","versionType":"git"},{"lessThan":"cf601a24120c674cd7c907ea695f92617af6abd0","status":"affected","version":"a8677028dd5123e5e525b8195483994d87123de4","versionType":"git"},{"lessThan":"297ce7f544aa675b0d136d788cad0710cdfb0785","status":"affected","version":"bb2f2342a6ddf7c04f9aefbbfe86104cd138e629","versionType":"git"},{"lessThan":"245d48c1ba3e7a1779c2f4cbc6f581ddc8a78e22","status":"affected","version":"8ad09ddc63ace3950ac43db6fbfe25b40f589dd6","versionType":"git"},{"lessThan":"691218a50c3139f7f57ffa79fb89d932eda9571e","status":"affected","version":"61686abc2f3c2c67822aa23ce6f160467ec83d35","versionType":"git"},{"lessThan":"49c0d55d59662430f1829ae85b969619573d0fa1","status":"affected","version":"7c4f78cdb8e7501e9f92d291a7d956591bf73be9","versionType":"git"},{"lessThan":"5f397409f8ee5bc82901eeaf799e1cbc4f8edcf1","status":"affected","version":"7c4f78cdb8e7501e9f92d291a7d956591bf73be9","versionType":"git"}]},{"defaultStatus":"affected","product":"Linux","programFiles":["net/bluetooth/l2cap_sock.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","vendor":"Linux","versions":[{"status":"affected","version":"6.13"},{"lessThan":"6.13","status":"unaffected","version":"0","versionType":"semver"},{"lessThanOrEqual":"5.4.*","status":"unaffected","version":"5.4.291","versionType":"semver"},{"lessThanOrEqual":"5.10.*","status":"unaffected","version":"5.10.235","versionType":"semver"},{"lessThanOrEqual":"5.15.*","status":"unaffected","version":"5.15.179","versionType":"semver"},{"lessThanOrEqual":"6.1.*","status":"unaffected","version":"6.1.129","versionType":"semver"},{"lessThanOrEqual":"6.6.*","status":"unaffected","version":"6.6.78","versionType":"semver"},{"lessThanOrEqual":"6.12.*","status":"unaffected","version":"6.12.14","versionType":"semver"},{"lessThanOrEqual":"6.13.*","status":"unaffected","version":"6.13.3","versionType":"semver"},{"lessThanOrEqual":"*","status":"unaffected","version":"6.14","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"cpeMatch":[{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"5.4.291","versionStartIncluding":"5.4.287","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"5.10.235","versionStartIncluding":"5.10.231","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"5.15.179","versionStartIncluding":"5.15.174","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.1.129","versionStartIncluding":"6.1.120","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.6.78","versionStartIncluding":"6.6.66","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.12.14","versionStartIncluding":"6.12.5","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.13.3","versionStartIncluding":"6.13","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.14","versionStartIncluding":"6.13","vulnerable":true}],"negate":false,"operator":"OR"}]}],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: handle NULL sock pointer in l2cap_sock_alloc\n\nA NULL sock pointer is passed into l2cap_sock_alloc() when it is called\nfrom l2cap_sock_new_connection_cb() and the error handling paths should\nalso be aware of it.\n\nSeemingly a more elegant solution would be to swap bt_sock_alloc() and\nl2cap_chan_create() calls since they are not interdependent to that moment\nbut then l2cap_chan_create() adds the soon to be deallocated and still\ndummy-initialized channel to the global list accessible by many L2CAP\npaths. The channel would be removed from the list in short period of time\nbut be a bit more straight-forward here and just check for NULL instead of\nchanging the order of function calls.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE static\nanalysis tool."}],"providerMetadata":{"dateUpdated":"2026-05-11T21:02:02.041Z","orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux"},"references":[{"url":"https://git.kernel.org/stable/c/a9a7672fc1a0fe18502493936ccb06413ab89ea6"},{"url":"https://git.kernel.org/stable/c/8e605f580a97530e5a3583beea458a3fa4cbefbd"},{"url":"https://git.kernel.org/stable/c/cf601a24120c674cd7c907ea695f92617af6abd0"},{"url":"https://git.kernel.org/stable/c/297ce7f544aa675b0d136d788cad0710cdfb0785"},{"url":"https://git.kernel.org/stable/c/245d48c1ba3e7a1779c2f4cbc6f581ddc8a78e22"},{"url":"https://git.kernel.org/stable/c/691218a50c3139f7f57ffa79fb89d932eda9571e"},{"url":"https://git.kernel.org/stable/c/49c0d55d59662430f1829ae85b969619573d0fa1"},{"url":"https://git.kernel.org/stable/c/5f397409f8ee5bc82901eeaf799e1cbc4f8edcf1"}],"title":"Bluetooth: L2CAP: handle NULL sock pointer in l2cap_sock_alloc","x_generator":{"engine":"bippy-1.2.0"}}},"cveMetadata":{"assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","assignerShortName":"Linux","cveId":"CVE-2024-58009","datePublished":"2025-02-27T02:12:04.637Z","dateReserved":"2025-02-27T02:10:48.227Z","dateUpdated":"2026-05-12T12:01:51.321Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2025-02-27 03:15:11","lastModifiedDate":"2026-05-12 13:16:26","problem_types":["CWE-476"],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.4.287","versionEndExcluding":"5.4.291","matchCriteriaId":"183DD166-8DC4-4649-9A25-46BB2A24DFA9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.10.231","versionEndExcluding":"5.10.235","matchCriteriaId":"7E60D250-7DA5-421A-9276-3C406DB49BF0"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.15.174","versionEndExcluding":"5.15.179","matchCriteriaId":"7BD5DBB9-D703-4306-83D6-6C71ED09C66E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.1.120","versionEndExcluding":"6.1.129","matchCriteriaId":"022C9A3F-3004-4D03-BF8F-A31E7351A0B2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.6.66","versionEndExcluding":"6.6.78","matchCriteriaId":"5687CE0A-79AA-464A-9531-3089807B3D4D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.12.5","versionEndExcluding":"6.12.14","matchCriteriaId":"858572F1-DBB9-468B-853F-AA825654CF14"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.13.3","matchCriteriaId":"0E92CEE3-1FC3-4AFC-A513-DEDBA7414F00"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2024","CveId":"58009","Ordinal":"1","Title":"Bluetooth: L2CAP: handle NULL sock pointer in l2cap_sock_alloc","CVE":"CVE-2024-58009","Year":"2024"},"notes":[{"CveYear":"2024","CveId":"58009","Ordinal":"1","NoteData":"In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: handle NULL sock pointer in l2cap_sock_alloc\n\nA NULL sock pointer is passed into l2cap_sock_alloc() when it is called\nfrom l2cap_sock_new_connection_cb() and the error handling paths should\nalso be aware of it.\n\nSeemingly a more elegant solution would be to swap bt_sock_alloc() and\nl2cap_chan_create() calls since they are not interdependent to that moment\nbut then l2cap_chan_create() adds the soon to be deallocated and still\ndummy-initialized channel to the global list accessible by many L2CAP\npaths. The channel would be removed from the list in short period of time\nbut be a bit more straight-forward here and just check for NULL instead of\nchanging the order of function calls.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE static\nanalysis tool.","Type":"Description","Title":"Bluetooth: L2CAP: handle NULL sock pointer in l2cap_sock_alloc"}]}}}