CVE-2024-24858
MEDIUMLinux kernel < 3.19.8 and >=v4.0-rc1 <v6.8-rc2 - Denial of Service via Bluetooth Interval Set Race Condition
Title source: llmDescription
A race condition was found in the Linux kernel's net/bluetooth in {conn,adv}_{min,max}_interval_set() function. This can result in I2cap connection or broadcast abnormality issue, possibly leading to denial of service.
References (4)
Core 4
Core References
Permissions Required
https://bugzilla.openanolis.cn/show_bug.cgi?id=8154
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html
Vendor Advisory
https://cert-portal.siemens.com/productcert/html/ssa-265688.html
Scores
CVSS v3
4.6
EPSS
0.0003
EPSS Percentile
7.5%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-362
Status
published
Products (4)
debian/debian_linux
10.0
Linux/Linux kernel
v4.0-rc1 - v6.8-rc2
linux/linux_kernel
6.8 rc1
linux/linux_kernel
< 3.19.8
Published
Feb 05, 2024
Tracked Since
Feb 18, 2026