Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntucveUbuntu.comUB:CVE-2024-24857
HistoryFeb 05, 2024 - 12:00 a.m.

CVE-2024-24857

2024-02-0500:00:00
ubuntu.com
ubuntu.com
16
linux kernel
bluetooth
race condition
integrity overflow
denial of service

CVSS3

6.8

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H

AI Score

6.1

Confidence

High

EPSS

0

Percentile

13.4%

JSON

A race condition was found in the Linux kernel’s net/bluetooth device
driver in conn_info_{min,max}_age_set() function. This can result in
integrity overflow issue, possibly leading to bluetooth connection
abnormality or denial of service.

Bugs

Notes

Author Note
Priority reason: Requires write access to debugfs entries, which are restricted to root by default on Ubuntu kernels.
sbeattie proposed patch references as fixing 40ce72b1951c (“Bluetooth: Move common debugfs file creation …”) but it looks like the race condition existed since the introduction of the conn_info_{min,max}_age_set() functions.
OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchlinux< 4.15.0-227.239UNKNOWN
ubuntu20.04noarchlinux< 5.4.0-189.209UNKNOWN
ubuntu22.04noarchlinux< 5.15.0-116.126UNKNOWN
ubuntu24.04noarchlinux< 6.8.0-38.38UNKNOWN
ubuntu16.04noarchlinux< anyUNKNOWN
ubuntu18.04noarchlinux-aws< 4.15.0-1170.183UNKNOWN
ubuntu20.04noarchlinux-aws< 5.4.0-1128.138UNKNOWN
ubuntu22.04noarchlinux-aws< 5.15.0-1065.71UNKNOWN
ubuntu24.04noarchlinux-aws< 6.8.0-1011.12UNKNOWN
ubuntu14.04noarchlinux-aws< anyUNKNOWN
Rows per page:
1-10 of 821

References

Related

vulnrichment 1
nvd 1
cve 1
debiancve 1
cbl_mariner 1
redhatcve 1
prion 1
cvelist 1
nessus 29
photon 2
ubuntu 22
openvas 29
osv 27
mageia 2
debian 2
vulnrichment
vulnrichment
CVE-2024-24857 Race condition vulnerability in Linux kernel bluetooth in conn_info_{min,max}_age_set()
2024-02-05 07:31:31
nvd
nvd
CVE-2024-24857
2024-02-05 08:15:44
cve
cve
CVE-2024-24857
2024-02-05 08:15:44
debiancve
debiancve
CVE-2024-24857
2024-02-05 08:15:44
cbl_mariner
cbl_mariner
CVE-2024-24857 affecting package kernel for versions less than 6.6.35.1-4
2024-08-14 20:43:58
redhatcve
redhatcve
CVE-2024-24857
2024-02-27 11:03:58
prion
prion
Race condition
2024-02-05 08:15:00
cvelist
cvelist
CVE-2024-24857 Race condition vulnerability in Linux kernel bluetooth in conn_info_{min,max}_age_set()
2024-02-05 07:31:31
nessus
nessus
Photon OS 3.0: Linux PHSA-2024-3.0-0765
2024-08-03 00:00:00
Ubuntu 22.04 LTS : Linux kernel vulnerabilities (USN-6922-2)
2024-08-01 00:00:00
Ubuntu 22.04 LTS : Linux kernel vulnerabilities (USN-6922-1)
2024-07-31 00:00:00
photon
photon
Moderate Photon OS Security Update - PHSA-2024-3.0-0765
2024-06-07 00:00:00
Important Photon OS Security Update - PHSA-2024-5.0-0274
2024-05-18 00:00:00
ubuntu
ubuntu
Linux kernel vulnerabilities
2024-07-29 00:00:00
Linux kernel vulnerabilities
2024-08-01 00:00:00
Linux kernel (Azure) vulnerabilities
2024-08-09 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-6922-1)
2024-07-30 00:00:00
Ubuntu: Security Advisory (USN-6922-2)
2024-08-02 00:00:00
Mageia: Security Advisory (MGASA-2024-0141)
2024-04-23 00:00:00
osv
osv
linux-nvidia-6.5 vulnerabilities
2024-07-29 09:54:35
linux-lowlatency-hwe-6.5 vulnerabilities
2024-08-01 13:39:54
linux - security update
2024-04-13 00:00:00
mageia
mageia
Updated kernel-linus packages fix security vulnerabilities
2024-04-23 04:20:56
Updated kernel, kmod-xtables-addons, kmod-virtualbox packages fix security vulnerabilities
2024-04-23 04:20:56
debian
debian
[SECURITY] [DSA 5658-1] linux security update
2024-04-13 06:38:27
[SECURITY] [DSA 5681-1] linux security update
2024-05-06 18:31:39

CVSS3

6.8

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H

AI Score

6.1

Confidence

High

EPSS

0

Percentile

13.4%

JSON
Related for UB:CVE-2024-24857
vulnrichment1nvd1cve1debiancve1cbl_mariner1redhatcve1prion1cvelist1nessus29photon2ubuntu22openvas29osv27mageia2debian2