CVSS3
Attack Vector
ADJACENT
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
13.4%
A race condition was found in the Linux kernel’s net/bluetooth device driver in conn_info_{min,max}_age_set() function. This can result in integrity overflow issue, possibly leading to bluetooth connection abnormality or denial of service.
Vendor | Product | Version | CPE |
---|---|---|---|
linux | linux_kernel | * | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
linux | linux_kernel | 6.8 | cpe:2.3:o:linux:linux_kernel:6.8:rc1:*:*:*:*:*:* |
[
{
"defaultStatus": "unaffected",
"modules": [
"bluetooth"
],
"packageName": "kernel",
"platforms": [
"Linux",
"x86",
"ARM"
],
"product": "Linux kernel",
"programFiles": [
"https://gitee.com/anolis/cloud-kernel/blob/devel-5.10/net/bluetooth/hci_debugfs.c"
],
"repo": "https://gitee.com/anolis/cloud-kernel.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "v6.8-rc2",
"status": "affected",
"version": "v4.0-rc1",
"versionType": "custom"
}
]
}
]