Vulnerability Description
A race condition was found in the Linux kernel's net/bluetooth device driver in conn_info_{min,max}_age_set() function. This can result in integrity overflow issue, possibly leading to bluetooth connection abnormality or denial of service.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian | Debian Linux | 10.0 |
| Linux | Linux Kernel | <= 3.19.8 |
Related Weaknesses (CWE)
References
- https://bugzilla.openanolis.cn/show_bug.cgi?id=8155Permissions Required
- https://lists.debian.org/debian-lts-announce/2024/06/msg00017.htmlThird Party Advisory
- https://lists.debian.org/debian-lts-announce/2024/06/msg00020.htmlThird Party Advisory
- https://bugzilla.openanolis.cn/show_bug.cgi?id=8155Permissions Required
- https://lists.debian.org/debian-lts-announce/2024/06/msg00017.htmlThird Party Advisory
- https://lists.debian.org/debian-lts-announce/2024/06/msg00020.htmlThird Party Advisory
- https://cert-portal.siemens.com/productcert/html/ssa-265688.html
FAQ
What is CVE-2024-24857?
CVE-2024-24857 is a vulnerability with a CVSS score of 4.6 (MEDIUM). A race condition was found in the Linux kernel's net/bluetooth device driver in conn_info_{min,max}_age_set() function. This can result in integrity overflow issue, possibly leading to bluetooth conne...
How severe is CVE-2024-24857?
CVE-2024-24857 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-24857?
Check the references section above for vendor advisories and patch information. Affected products include: Debian Debian Linux, Linux Linux Kernel.