CVE-2024-24857

CVSS v3.1 6.8 (Medium)

EPSS 0.04 % (14^th)

Affected Products 1

Advisories 24

NVD Status Modified

A race condition was found in the Linux kernel's net/bluetooth device driver in conn_info_{min,max}_age_set() function. This can result in integrity overflow issue, possibly leading to bluetooth connection abnormality or denial of service.

Weaknesses

CWE-190: Integer Overflow or Wraparound
CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CVE Status: PUBLISHED
NVD Status: Modified
CNA: OpenAnolis
Published Date: 2024-02-05 08:15:44
(7 months ago)
Updated Date: 2024-06-27 12:15:17
(2 months ago)

Affected Products

Linux

Linux Kernel

Configuration #1

	CPE23	From	Up To
Linux Kernel 3.19.8 and prior versions	cpe:2.3:o:linux:linux_kernel		<= 3.19.8
Linux Kernel from 6.0 version and 6.7.2 and prior versions	cpe:2.3:o:linux:linux_kernel	>= 6.0	<= 6.7.2
Linux Kernel 6.8 Rc1	cpe:2.3:o:linux:linux_kernel:6.8:rc1