Rapid7

vulnerability

Red Hat: CVE-2024-56590: kernel: Bluetooth: hci_core: Fix not checking skb length on hci_acldata_packet (Multiple Advisories)

Severity
3
CVSS
(AV:L/AC:L/Au:S/C:N/I:P/A:P)
Published
Dec 27, 2024
Added
May 15, 2025
Modified
Jun 12, 2026

Description

A use-after-free vulnerability was found in the Linux kernel. The Bluetooth firmware isn't checked if skb contains an ACL header, otherwise the code may attempt to access some uninitialized or invalid memory past the valid skb->data.

Solutions

redhat-upgrade-kernelredhat-upgrade-kernel-rt
Title
Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.