Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntucveUbuntu.comUB:CVE-2024-24859
HistoryFeb 05, 2024 - 12:00 a.m.

CVE-2024-24859

2024-02-0500:00:00
ubuntu.com
ubuntu.com
13
linux kernel
bluetooth
race condition
denial of service
sniffing exception
bugzilla
sbeattie
debugfs
ubuntu kernels
cve-2024-24859

CVSS3

4.8

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H

AI Score

5.2

Confidence

High

EPSS

0

Percentile

12.7%

JSON

A race condition was found in the Linux kernel’s net/bluetooth in
sniff_{min,max}_interval_set() function. This can result in a bluetooth
sniffing exception issue, possibly leading denial of service.

Bugs

Notes

Author Note
Priority reason: Requires write access to debugfs entries, which are restricted to root by default on Ubuntu kernels.
sbeattie 7835fcfd132e (Bluetooth: Fix TOCTOU in HCI debugfs implementation, 2024-03-27) doesn’t reference this CVE in its commit message, but fixes the issues in the sniff_{min,max}_interval_set() functions as well.
OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchlinux< anyUNKNOWN
ubuntu20.04noarchlinux< 5.4.0-189.209UNKNOWN
ubuntu22.04noarchlinux< 5.15.0-116.126UNKNOWN
ubuntu24.04noarchlinux< 6.8.0-38.38UNKNOWN
ubuntu16.04noarchlinux< anyUNKNOWN
ubuntu18.04noarchlinux-aws< anyUNKNOWN
ubuntu20.04noarchlinux-aws< 5.4.0-1128.138UNKNOWN
ubuntu22.04noarchlinux-aws< 5.15.0-1065.71UNKNOWN
ubuntu24.04noarchlinux-aws< 6.8.0-1011.12UNKNOWN
ubuntu14.04noarchlinux-aws< anyUNKNOWN
Rows per page:
1-10 of 801

Related

vulnrichment 1
cve 1
nvd 1
cvelist 1
debiancve 1
redhatcve 1
prion 1
nessus 14
photon 2
osv 12
ubuntu 15
openvas 12
vulnrichment
vulnrichment
CVE-2024-24859 Race condition vulnerability in Linux kernel bluetooth sniff_{min,max}_interval_set()
2024-02-05 07:28:06
cve
cve
CVE-2024-24859
2024-02-05 08:15:44
nvd
nvd
CVE-2024-24859
2024-02-05 08:15:44
cvelist
cvelist
CVE-2024-24859 Race condition vulnerability in Linux kernel bluetooth sniff_{min,max}_interval_set()
2024-02-05 07:28:06
debiancve
debiancve
CVE-2024-24859
2024-02-05 08:15:44
redhatcve
redhatcve
CVE-2024-24859
2024-07-19 08:29:33
prion
prion
Race condition
2024-02-05 08:15:00
nessus
nessus
Photon OS 4.0: Linux PHSA-2024-4.0-0607
2024-07-24 00:00:00
Photon OS 5.0: Linux PHSA-2024-5.0-0274
2024-07-24 00:00:00
Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel vulnerabilities (USN-6898-1)
2024-07-15 00:00:00
photon
photon
Moderate Photon OS Security Update - PHSA-2024-4.0-0607
2024-05-10 00:00:00
Important Photon OS Security Update - PHSA-2024-5.0-0274
2024-05-18 00:00:00
osv
osv
linux-ibm-5.15, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-oracle-5.15 vulnerabilities
2024-07-17 15:09:25
linux-aws-5.15 vulnerabilities
2024-07-23 09:43:14
linux-oracle, linux-xilinx-zynqmp vulnerabilities
2024-07-17 16:22:29
ubuntu
ubuntu
Linux kernel vulnerabilities
2024-07-19 00:00:00
Linux kernel vulnerabilities
2024-07-12 00:00:00
Linux kernel vulnerabilities
2024-07-17 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-6898-3)
2024-07-19 00:00:00
Ubuntu: Security Advisory (USN-6896-5)
2024-07-24 00:00:00
Ubuntu: Security Advisory (USN-6896-2)
2024-07-17 00:00:00

CVSS3

4.8

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H

AI Score

5.2

Confidence

High

EPSS

0

Percentile

12.7%

JSON
Related for UB:CVE-2024-24859
vulnrichment1cve1nvd1cvelist1debiancve1redhatcve1prion1nessus14photon2osv12ubuntu15openvas12