Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A null pointer dereference vulnerability has been identified in the Bluetooth L2CAP implementation of the Linux kernel. This issue arises in the function 'l2cap_sock_get_sndtimeo_cb()', where a lack of proper null checks can lead to dereferencing a null pointer. The vulnerability has been addressed by adding a null guard in this function, similar to the safeguards already present in 'l2cap_sock_resume_cb()' and 'l2cap_sock_ready_cb()'.
Triggering this flaw dereferences a null pointer in kernel code, causing a crash or undefined behavior.
The vulnerability can be reproduced by invoking the 'l2cap_sock_get_sndtimeo_cb()' function without a valid 'sock' structure, which will result in a null pointer dereference. This can occur in scenarios where the Bluetooth L2CAP socket is improperly managed or where channels are accessed without ensuring they are valid.
Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for downloading the patched version are available on the official Linux kernel website.
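The guard pattern described above, shown as an added user-space model; it is not the kernel's code or the upstream patch. The struct names, the `detach_sock()` helper and the fallback return value of 0 are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* User-space model. Types and fields are simplified stand-ins (assumptions),
 * not the kernel's struct l2cap_chan / struct sock. */
struct model_sock { long sndtimeo; };
struct model_chan { void *data; };  /* owning socket; NULL when none is attached */

/* Unguarded shape: trusts chan->data unconditionally. */
static long get_sndtimeo_unguarded(const struct model_chan *chan)
{
    const struct model_sock *sk = chan->data;
    return sk->sndtimeo;            /* null dereference when chan->data == NULL */
}

/* Guarded shape: check the socket pointer before using it.
 * Returning 0 for a missing socket is an assumption of this model. */
static long get_sndtimeo_guarded(const struct model_chan *chan)
{
    const struct model_sock *sk = chan->data;
    if (!sk)
        return 0;
    return sk->sndtimeo;
}

/* Constructed scenario: the channel is still reachable after its socket is gone. */
static void detach_sock(struct model_chan *chan)
{
    chan->data = NULL;
}

int main(void)
{
    struct model_sock sk = { .sndtimeo = 3000 };   /* constructed sample value */
    struct model_chan chan = { .data = &sk };

    printf("attached, unguarded: %ld\n", get_sndtimeo_unguarded(&chan));
    printf("attached, guarded:   %ld\n", get_sndtimeo_guarded(&chan));

    detach_sock(&chan);
    /* Only the guarded callback is safe to call from here on. */
    printf("detached, guarded:   %ld\n", get_sndtimeo_guarded(&chan));
    return 0;
}
```

When reviewing a callback table like this one, check that every callback reading the channel's socket pointer carries the same guard, since a single unguarded entry is enough to crash.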