CVE-2020-24490

MEDIUM

BlueZ - Unauthenticated Denial of Service via Adjacent Access

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2020-24490. PoCs published by AbrarKhan.

AI-analyzed exploit summary This repository appears to be a documentation dump from a Linux kernel version (4.19.72) and does not contain exploit code or a PoC for CVE-2020-24490. The files provided are standard kernel documentation and configuration scripts.

Description

Improper buffer restrictions in BlueZ may allow an unauthenticated user to potentially enable denial of service via adjacent access. This affects all Linux kernel versions that support BlueZ.

Exploits (2)

nomisec WRITEUP
by AbrarKhan · poc
https://github.com/AbrarKhan/Linux-4.19.72_CVE-2020-24490

This repository appears to be a documentation dump from a Linux kernel version (4.19.72) and does not contain exploit code or a PoC for CVE-2020-24490. The files provided are standard kernel documentation and configuration scripts.

Classification
Writeup 90%
Attack Type
N/a
Complexity
N/a
Reliability
N/a
Target: N/A
No auth needed
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec STUB
by AbrarKhan · poc
https://github.com/AbrarKhan/linux_CVE-2020-24490-beforePatch

The provided code is a truncated snippet of the BlueZ Bluetooth stack's HCI event handling logic, specifically the `hci_event.c` file. It does not contain any exploit code or proof-of-concept for CVE-2020-24490, only legitimate Bluetooth protocol handling functions.

Classification
Stub 90%
Attack Type
Other
Complexity
Complex
Reliability
Theoretical
Target: BlueZ (Bluetooth protocol stack for Linux)
No auth needed
Prerequisites: None identified in the provided code
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1
Core References

Scores

CVSS v3 6.5
EPSS 0.0222
EPSS Percentile 80.5%
Attack Vector ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

Status published
Products (1)
bluez/bluez
Published Feb 02, 2021
Tracked Since Feb 18, 2026