Lucene search

[email protected]NVD:CVE-2024-24857

HistoryFeb 05, 2024 - 8:15 a.m.

CVE-2024-24857

2024-02-0508:15:44

CWE-190

CWE-362

[email protected]

web.nvd.nist.gov

linux kernel

bluetooth driver

race condition

cve-2024-24857

integrity overflow

denial of service

6.8 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H

5.9 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.7%

JSON

A race condition was found in the Linux kernel’s net/bluetooth device driver in conn_info_{min,max}_age_set() function. This can result in integrity overflow issue, possibly leading to bluetooth connection abnormality or denial of service.

Affected configurations

NVD

Node

linuxlinux_kernelRange≤3.19.8

linuxlinux_kernelRange6.0–6.7.2

linuxlinux_kernelMatch6.8rc1

References

bugzilla.openanolis.cn/show_bug.cgi?id=8155

lists.debian.org/debian-lts-announce/2024/06/msg00017.html

lists.debian.org/debian-lts-announce/2024/06/msg00020.html

6.8 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H

5.9 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.7%

JSON

Related for NVD:CVE-2024-24857

vulnrichment1 redhatcve1 debiancve1 ubuntucve1 cve1 prion1 cvelist1 photon1 openvas5 mageia2 osv4 debian2 nessus2