CVE-2024-42132: bluetooth/hci: disallow setting handle bigger than HCI_CONN_HANDLE_MAX
In the Linux kernel, the following vulnerability has been resolved:
bluetooth/hci: disallow setting handle bigger than HCI_CONN_HANDLE_MAX
Syzbot hit warning in hci_conn_del() caused by freeing handle that was
not allocated using ida allocator.
This is caused by handle bigger than HCI_CONN_HANDLE_MAX passed by
hci_le_big_sync_established_evt(), which makes code think it's unset
connection.
Add same check for handle upper bound as in hci_conn_set_handle() to
prevent warning.
Security readout for executives and security teams
Plain-English summary
CVE-2024-42132 is a Linux kernel Bluetooth handling flaw. A malformed or unexpected Bluetooth HCI event can pass a connection handle above the allowed maximum, triggering unsafe cleanup logic and a kernel warning. The public record does not provide CVSS, confirmed impact beyond the warning, or active exploitation evidence.
Executive priority
Treat this as a targeted kernel hygiene issue, not an emergency based on current evidence. Prioritize normal patch cycles for Bluetooth-capable Linux endpoints and embedded devices, with faster action where Bluetooth is exposed or hard to monitor.
Technical view
The flaw is in Linux Bluetooth HCI code. hci_le_big_sync_established_evt() could accept a handle greater than HCI_CONN_HANDLE_MAX, causing hci_conn_del() to treat it like an unset connection and free a handle not allocated through the ida allocator. Stable fixes add an upper-bound check matching hci_conn_set_handle().
Likely exposure
Exposure is most relevant to Linux systems running affected kernels with Bluetooth enabled, especially kernels listed in the source bundle such as 6.7, 6.6.39, 6.9.9, and 6.10. Exact distribution package exposure requires vendor mapping because the bundle gives kernel versions and upstream commit references, not distro advisories.
Exploitation context
The source bundle marks KEV as false and provides no public evidence of exploitation. The trigger path involves Bluetooth HCI event handling, but the bundle does not establish attacker prerequisites, proximity requirements, privileges, or weaponized exploit availability.
Researcher notes
Evidence supports a bounds-check fix in Bluetooth HCI BIG sync handling. The public record lacks CVSS, CWE, exploit details, and distro-specific impact. Avoid assuming code execution or active abuse without additional vendor or threat intelligence sources.
Mitigation direction
Apply Linux kernel updates that include the referenced stable fixes.
Check distribution advisories for patched package versions before scheduling rollout.
Disable Bluetooth where it is not operationally required.
Prioritize laptops, workstations, IoT, and embedded Linux systems with Bluetooth enabled.
Track vendor guidance because the bundle does not name configuration-only mitigations.
Validation and detection
Inventory running kernel versions across Linux assets.
Identify systems with Bluetooth hardware, drivers, or services enabled.
Compare installed kernels against vendor advisories and upstream stable fixes.
Confirm patched systems include the handle upper-bound check.
Review kernel logs for related Bluetooth HCI warnings during triage.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cve · low confidence lookup
CVE-2024-42132 mapping review
Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.