CVE-2024-24858

2024-02-0508:15:44

CWE-362

[email protected]

web.nvd.nist.gov

cve-2024-24858

linux kernel

net/bluetooth

race condition

denial of service

5.3 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

5.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

10.5%

JSON

A race condition was found in the Linux kernel’s net/bluetooth in {conn,adv}_{min,max}_interval_set() function. This can result in I2cap connection or broadcast abnormality issue, possibly leading to denial of service.

Affected configurations

NVD

Node

linuxlinux_kernelRange≤3.19.8

linuxlinux_kernelRange6.0–6.7.2

linuxlinux_kernelMatch6.8rc1

CPENameOperatorVersion
linux:linux_kernellinux linux kernelle3.19.8
linux:linux_kernellinux linux kernelle6.7.2
linux:linux_kernellinux linux kerneleq6.8

CPE	Name	Operator	Version
linux:linux_kernel	linux linux kernel	le	3.19.8
linux:linux_kernel	linux linux kernel	le	6.7.2
linux:linux_kernel	linux linux kernel	eq	6.8

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "modules": [
      "bluetooth"
    ],
    "packageName": "kernel",
    "platforms": [
      "Linux",
      "x86",
      "ARM"
    ],
    "product": "Linux kernel",
    "programFiles": [
      "https://gitee.com/anolis/cloud-kernel/blob/devel-5.10/net/bluetooth/hci_debugfs.c"
    ],
    "repo": "https://gitee.com/anolis/cloud-kernel.git",
    "vendor": "Linux",
    "versions": [
      {
        "lessThan": "v6.8-rc2",
        "status": "affected",
        "version": "v4.0-rc1",
        "versionType": "custom"
      }
    ]
  }
]