CVE-2024-8805: Improper Access Control in BlueZ

Severity: 8.8 HIGH (NVD)
Other scores: NVD 5.5 | OSV 5.5 | OSV 4.4
EPSS: 2.6% (top 14.39%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Nov 22 | Latest update Jul 18

Description

BlueZ HID over GATT Profile Improper Access Control Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of BlueZ. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the HID over GATT Profile. The issue results from the lack of authorization prior to allowing access to functionality. An attacker can leverage this vulnerability to execute code

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages (7 packages)

NVD | bluez/bluez | 5.77
CVEListV5 | linux/linux | ba15a58b179ed76a7e887177f2b06de12c58ec8f baaa50c6f91ea5a9c7503af51f2bc50e6568b66b (+13)
debian | debian/linux | < linux 6.1.115-1 (bookworm)
debian | debian/linux-6.1 | < linux 6.1.115-1 (bookworm)
NVD | linux/linux_kernel | 3.2.613.3 (+13)

Vulnerability Details (24)

OSV | linux-intel-iotg-5.15 vulnerabilities | 2025-07-18
OSV | linux-raspi vulnerabilities | 2025-07-17
OSV | linux-intel-iotg vulnerabilities | 2025-07-04
OSV | linux-xilinx-zynqmp vulnerabilities | 2025-06-26
OSV | linux-aws vulnerabilities | 2025-06-24

Vendor Advisories (22)

Ubuntu | Linux kernel (Intel IoTG) vulnerabilities | 2025-07-18
Ubuntu | Linux kernel (Raspberry Pi) vulnerabilities | 2025-07-17
Ubuntu | Linux kernel (Intel IoTG) vulnerabilities | 2025-07-04
Ubuntu | Linux kernel (Xilinx ZynqMP) vulnerabilities | 2025-06-26
Ubuntu | Linux kernel (AWS) vulnerabilities | 2025-06-24