CVE-2024-50125: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-50125 is a Use-After-Free (UAF) vulnerability discovered in the Linux kernel's Bluetooth SCO (Synchronous Connection-Oriented) implementation. The vulnerability occurs when sco_sock_timeout() is called, where conn->sk may have been unlinked or freed while waiting for sco_conn_lock. The vulnerability affects multiple versions of the Linux kernel, including versions from 4.14.263 through 6.11.6 (NVD).

The vulnerability is classified as a Use-After-Free (CWE-416) with a CVSS v3.1 Base Score of 7.8 (High), with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. The issue specifically occurs in the Bluetooth SCO implementation where a race condition exists during socket timeout handling. The vulnerability stems from a situation where conn->sk might be unlinked or freed while waiting for sco_conn_lock, requiring validation of conn->sk's validity by checking if it's part of sco_sk_list (NVD).

The vulnerability could potentially lead to high-severity impacts affecting the confidentiality, integrity, and availability of the system, as indicated by the CVSS scoring. The local attack vector and low attack complexity suggest that an attacker with local access could potentially exploit this vulnerability to cause system compromise (NVD).

A fix has been implemented in the Linux kernel that adds validation of the socket's validity by checking if it's part of sco_sk_list before use. The patch introduces a new function sco_sock_hold() to safely handle the socket reference. The fix has been backported to multiple kernel versions (Kernel Patch).