CVE-2024-26889

MEDIUM

Linux Kernel < 4.15 - Buffer Overflow

Title source: rule

Description

In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: hci_core: Fix possible buffer overflow

struct hci_dev_info has a fixed size name[8] field, so in the event that hdev->name is bigger than that, strcpy would attempt to write past its size, so this fixes this problem by switching to use strscpy.
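The copy pattern described above, as an added userspace illustration that is not the kernel's own code: `struct dev_info`, its `guard` byte and the function names are assumptions made for the example, and `bounded_copy` is a hypothetical helper modelled on the semantics of the kernel's `strscpy()` (always NUL-terminates, returns `-E2BIG` on truncation).

```c
#include <errno.h>
#include <stddef.h>
#include <string.h>

/* Constructed stand-in for the fixed-size field named in the description;
 * the real struct hci_dev_info has more members. */
struct dev_info {
    char name[8];
    unsigned char guard;   /* neighbouring byte, to observe any overrun */
};

/* 'Before' pattern: no bound, so a source of 8 or more characters
 * writes past name[]. Shown for comparison only. */
void fill_name_unbounded(struct dev_info *di, const char *src)
{
    strcpy(di->name, src);
}

/* Hypothetical helper modelled on kernel strscpy(): copies at most
 * size-1 bytes, always NUL-terminates, and returns the copied length
 * or -E2BIG when the source had to be truncated. */
long bounded_copy(char *dst, const char *src, size_t size)
{
    size_t i;

    if (size == 0)
        return -E2BIG;
    for (i = 0; i < size - 1 && src[i] != '\0'; i++)
        dst[i] = src[i];
    dst[i] = '\0';
    return src[i] == '\0' ? (long)i : -E2BIG;
}

/* 'After' pattern: the destination size bounds the copy, and the
 * return value tells the caller whether the name was truncated. */
long fill_name_bounded(struct dev_info *di, const char *src)
{
    return bounded_copy(di->name, src, sizeof(di->name));
}
```

A caller that needs the full name can treat the `-E2BIG` return as an error instead of silently using the truncated value.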

Scores

CVSS v3 5.5
EPSS 0.0001
EPSS Percentile 1.3%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-120
Status published
Products (2)
debian/debian_linux 10.0
linux/linux_kernel 4.14.328 - 4.15
Published Apr 17, 2024
Tracked Since Feb 18, 2026