CVE-2024-35964: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-35964 is a vulnerability in the Linux kernel's Bluetooth ISO implementation that was discovered and disclosed on May 20, 2024. The vulnerability specifically affects the setsockopt user input validation in the Bluetooth ISO socket type. The issue stems from insufficient validation of user input length before copying data in the Bluetooth subsystem (NVD, CVE).

The vulnerability exists in the Linux kernel's Bluetooth ISO implementation where user input length was not properly validated before copying data in the setsockopt function. The issue affects multiple components introduced by several commits including 'Bluetooth: Add BTPROTOISO socket type', 'Bluetooth: ISO: Add support for BTPKTSTATUS', and 'Bluetooth: ISO: Add broadcast support'. The fix involves implementing proper validation of user input length using btcopyfromsockptr before performing data copying operations (Kernel Commit).

While specific impact details are not explicitly stated in the sources, the vulnerability could potentially allow an attacker with local access to trigger memory corruption through improper input validation in the Bluetooth subsystem. This could lead to potential system crashes or privilege escalation in affected Linux kernel versions (Ubuntu).

The vulnerability has been fixed in various Linux kernel versions. Ubuntu has released patches for version 24.04 LTS (noble) with kernel version 6.8.0-38.38, and similar fixes have been applied to other distributions. Users are advised to update their kernel to the latest patched version. The fix has been backported to multiple kernel versions to ensure broad coverage (Ubuntu).