CVE-2020-35499
MEDIUMLinux Kernel < 5.10.4 - NULL Pointer Dereference in SCO Socket Getsockopt
Title source: llmDescription
A NULL pointer dereference flaw in Linux kernel versions prior to 5.11 may be seen if sco_sock_getsockopt function in net/bluetooth/sco.c do not have a sanity check for a socket connection, when using BT_SNDMTU/BT_RCVMTU for SCO sockets. This could allow a local attacker with a special user privilege to crash the system (DOS) or leak kernel internal information.
References (1)
Core 1
Core References
Issue Tracking, Patch, Third Party Advisory x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=1910048
Scores
CVSS v3
6.7
EPSS
0.0027
EPSS Percentile
19.0%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-476
Status
published
Products (1)
linux/linux_kernel
5.10 - 5.10.4
Published
Feb 19, 2021
Tracked Since
Feb 18, 2026