redhatcve | Redhat.com | RH:CVE-2024-21803
Jan 30, 2024 - 11:01 a.m.

CVE-2024-21803

2024-01-30 11:01:58
redhat.com
access.redhat.com

CVSS3: 7.8 High

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score: 7.1 High (Confidence: High)

EPSS: 0.0004 Low (Percentile: 5.1%)

NVD describes a use-after-free vulnerability in the Bluetooth module of the Linux kernel (Linux, x86, ARM) that allows local code execution. The vulnerability is associated with the program file https://gitee.com/anolis/cloud-kernel/blob/devel-5.10/net/bluetooth/af_bluetooth.c. This issue affects the Linux kernel in versions v6.8-rc1 through v2.6.12-rc2.

Mitigation

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to a widespread installation base, or stability.
