CVE-2024-24857: 
Linux Kernel vulnerability analysis and mitigation

A race condition vulnerability was discovered in the Linux kernel's net/bluetooth device driver, specifically in the conn_info_{min,max}_age_set() function. The vulnerability, identified as CVE-2024-24857, was reported by a researcher from Beihang University School of Cyberspace Security. This vulnerability affects Linux kernel versions from 3.19.8 through 6.7.2 (NVD).

The vulnerability stems from a race condition in the conn_info_{min,max}age_set() function where parameter validation for hdev->conn_info{min,max}_age is performed without proper locking. This can lead to a situation where conn_info_max_age becomes smaller than conn_info_min_age, resulting in an integer overflow condition. The vulnerability has received a CVSS v3.1 base score of 6.8 (MEDIUM) with vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H (NVD, OpenAnolis Bug).

When exploited, this vulnerability can cause an integer overflow in the get_conn_info function when calculating conn_info_age. This results in the function returning invalid buffer values, leading to Bluetooth connection abnormalities and potential denial of service conditions (OpenAnolis Bug).

The fix involves expanding the buffer and including the parameter validation code within the hci_dev_lock critical section. Multiple Linux distributions have released patches, including Debian with versions 5.10.216-1~deb10u1 for Debian 10 and 4.19.316-1 for earlier versions (Debian LTS, Debian LTS).