CVE-2024-36013: 
Linux Kernel vulnerability analysis and mitigation

A slab-use-after-free vulnerability was discovered in the Linux kernel's Bluetooth L2CAP implementation, specifically in the l2cap_connect() function. The vulnerability was assigned CVE-2024-36013 and was disclosed in May 2024. The issue affects the Bluetooth stack in the Linux kernel and occurs due to improper handling of channel objects during connection operations (NVD).

The vulnerability stems from a critical section that was not properly extended, allowing a channel object to be freed prematurely. The issue manifests in the l2cap_connect() function where a channel object could be accessed after being freed. The bug was introduced by commit 73ffa904b782 ("Bluetooth: Move conf_{req,rsp} stuff to struct l2cap_chan"). The vulnerability has been assigned a CVSS v3.1 base score of 6.8 (MEDIUM) with vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H (CISA-ADP).

The vulnerability could lead to a use-after-free condition, potentially resulting in memory corruption and system crashes. When exploited, it could cause a denial of service condition or possibly lead to arbitrary code execution in the context of the kernel (NVD).

The vulnerability has been fixed by extending the critical section to prevent the channel from being freed early. Additionally, the l2cap_connect() function's return type was changed to void since the returned value was not being used. The fix is available in the Linux kernel through commit 4d7b41c0e43995b0e992b9f8903109275744b658 (Kernel Commit).