Ubuntu.comUB:CVE-2024-24859CVE-2024-24859
4.8 Medium
CVSS3
Attack Vector
ADJACENT
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
5.2 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
12.9%
A race condition was found in the Linux kernel’s net/bluetooth in
sniff_{min,max}_interval_set() function. This can result in a bluetooth
sniffing exception issue, possibly leading denial of service.
Bugs
- <https://bugzilla.openanolis.cn/show_bug.cgi?id=8153>
- <https://bugzilla.suse.com/show_bug.cgi?id=1219612>
Notes
| Author | Note |
|---|---|
| Priority reason: Requires write access to debugfs entries, which are restricted to root by default on Ubuntu kernels. | |
| sbeattie | 7835fcfd132e (Bluetooth: Fix TOCTOU in HCI debugfs implementation, 2024-03-27) doesn’t reference this CVE in its commit message, but fixes the issues in the sniff_{min,max}_interval_set() functions as well. |
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 20.04 | noarch | linux | < any | UNKNOWN |
| ubuntu | 22.04 | noarch | linux | < any | UNKNOWN |
| ubuntu | 23.10 | noarch | linux | < any | UNKNOWN |
| ubuntu | 24.04 | noarch | linux | < any | UNKNOWN |
| ubuntu | 20.04 | noarch | linux-aws | < any | UNKNOWN |
| ubuntu | 22.04 | noarch | linux-aws | < any | UNKNOWN |
| ubuntu | 23.10 | noarch | linux-aws | < any | UNKNOWN |
| ubuntu | 24.04 | noarch | linux-aws | < any | UNKNOWN |
| ubuntu | 20.04 | noarch | linux-aws-5.15 | < any | UNKNOWN |
| ubuntu | 22.04 | noarch | linux-aws-6.5 | < any | UNKNOWN |
Related
4.8 Medium
CVSS3
Attack Vector
ADJACENT
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
5.2 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
12.9%