CVE-2024-56591
Medium
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: hci_conn: Use disable_delayed_work_sync
This makes use of disable_delayed_work_sync instead of cancel_delayed_work_sync as it not only cancels the ongoing work but also disables new submit, which is desirable since the object holding the work is about to be freed.
CVSS 3.1 score
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected versions
Linux kernel versions 3.3 and later are affected. Fixed in 6.12.5, 6.13 and their respective stable series.
References
The following references provide additional information about CVE-2024-56591 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.
- Patch: Kernel patch commit, https://git.kernel.org/stable/c/2b0f2fc9ed62e73c95df1fa8ed2ba3dac54699df
- Patch: Kernel patch commit, https://git.kernel.org/stable/c/c55a4c5a04bae40dcdc1e1c19d8eb79a06fb3397
Frequently asked questions
- What is CVE-2024-56591?
  CVE-2024-56591 is a Medium severity Linux kernel vulnerability with a CVSS score of 5.5 out of 10. It affects Linux kernel versions from 3.3 onward and has been patched in 6.12.5 and 6.13. CVE-2024-56591 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
- What is the CVSS score for CVE-2024-56591?
  CVE-2024-56591 has a CVSS score of 5.5 out of 10, rated Medium severity (CVSS 3.1). The vector string is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.
- Is there a patch available for CVE-2024-56591?
  Yes, CVE-2024-56591 has been patched. Fixed versions include 6.12.5 and 6.13. If you are running Linux kernel 3.3 or later and earlier than the fixed versions, apply the relevant patch for your kernel branch.
- Is CVE-2024-56591 actively exploited?
  No, CVE-2024-56591 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.