CVE-2024-24857 — Race Condition in Kernel

CWE-362 — Race Condition CWE-190 — Integer Overflow or Wraparound47 documents9 sources

Severity

6.8MEDIUMNVD

OSV7.0OSV5.5

EPSS

0.0%

top 93.29%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Kernel Debian Linux Debian Linux +2 more

Timeline

PublishedFeb 5

Latest updateSep 18

Description

A race condition was found in the Linux kernel's net/bluetooth device driver in conn_info_{min,max}_age_set() function. This can result in integrity overflow issue, possibly leading to bluetooth connection abnormality or denial of service.

CVSS vector

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:HExploitability: 1.6 | Impact: 5.2

Affected Packages7 packages

▶CVEListV5linux/linux_kernelv4.0-rc1 — v6.8-rc2

▶NVDlinux/linux_kernel6.7 — 6.7.12+3

▶Debianlinux/linux_kernel< 5.10.216-1+3

▶Ubuntulinux/linux_kernel< 5.4.0-189.209+3

▶msrcmsrc/azl3_kernel_6.6.35.1-4_on_azure_linux_3.0

Also affects: Debian Linux 10.0

🔴Vulnerability Details

OSV

linux-xilinx-zynqmp vulnerabilities↗2024-09-18

▶

OSV

linux-lowlatency-hwe-6.5 vulnerabilities↗2024-08-01

▶

OSV

linux, linux-aws, linux-kvm, linux-lts-xenial vulnerabilities↗2024-07-31

▶

OSV

linux-gcp-5.15 vulnerabilities↗2024-07-30

▶

OSV

linux-nvidia-6.5 vulnerabilities↗2024-07-29

▶

📋Vendor Advisories

Ubuntu

Linux kernel vulnerabilities↗2024-09-18

▶

Ubuntu

Linux kernel vulnerabilities↗2024-08-01

▶

Ubuntu

Linux kernel vulnerabilities↗2024-07-31

▶

Ubuntu

Linux kernel vulnerabilities↗2024-07-30

▶

Ubuntu

Linux kernel vulnerabilities↗2024-07-29

▶

💬Community

Bugzilla

CVE-2024-24857 kernel: net/bluetooth: race condition in conn_info_{min,max}_age_set()↗2024-02-27

▶