CVE-2024-24857
MEDIUMLinux kernel < 3.19.8 and >=v4.0-rc1 <v6.8-rc2 - Denial of Service via Bluetooth Connection Info Race Condition
Title source: llmDescription
A race condition was found in the Linux kernel's net/bluetooth device driver in conn_info_{min,max}_age_set() function. This can result in integrity overflow issue, possibly leading to bluetooth connection abnormality or denial of service.
References (4)
Core 4
Core References
Permissions Required
https://bugzilla.openanolis.cn/show_bug.cgi?id=8155
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html
Vendor Advisory
https://cert-portal.siemens.com/productcert/html/ssa-265688.html
Scores
CVSS v3
4.6
EPSS
0.0003
EPSS Percentile
8.4%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:L
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-190
CWE-362
Status
published
Products (4)
debian/debian_linux
10.0
Linux/Linux kernel
v4.0-rc1 - v6.8-rc2
linux/linux_kernel
6.8 rc1
linux/linux_kernel
< 3.19.8
Published
Feb 05, 2024
Tracked Since
Feb 18, 2026