CVE-2024-24857

Published Feb 5, 2024

Last updated 5 months ago

Overview

Description: A race condition was found in the Linux kernel's net/bluetooth device driver in conn_info_{min,max}_age_set() function. This can result in integrity overflow issue, possibly leading to bluetooth connection abnormality or denial of service.
Source: security@openanolis.org
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 3.1

Type: Primary
Base score: 6.8
Impact score: 5.2
Exploitability score: 1.6
Vector string: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
Severity: MEDIUM

Weaknesses

nvd@nist.gov: CWE-190
security@openanolis.org: CWE-362

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "13BE712D-C8FA-4B87-9A81-D23E0DD30FD3",
            "versionEndIncluding": "3.19.8"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "531D8406-3925-4647-9961-38BC93A02F16",
            "versionEndIncluding": "6.7.2",
            "versionStartIncluding": "6.0"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B9F4EA73-0894-400F-A490-3A397AB7A517"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 3.1

Weaknesses

Configurations

References