cbcvebase.
CVE-2024-8805
published 2024-11-22

Priority: P262, high, 8.8 (CVSS 3.1)
Vector: AV:A / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
EPSS: 2.03% (78.7th percentile)
BlueZ HID over GATT Profile Improper Access Control Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of BlueZ. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the HID over GATT Profile. The issue results from the lack of authorization prior to allowing access to functionality. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-25177.

Affected

42 ranges, showing 25

Vendor | Product | Version range | Fixed in
bluez | bluez | |
debian | linux | < linux 6.1.115-1 (bookworm) | linux 6.1.115-1 (bookworm)
debian | linux-6.1 | < linux 6.1.115-1 (bookworm) | linux 6.1.115-1 (bookworm)
linux | linux | |
linux | linux | |
linux | linux | |
linux | linux | |
linux | linux | |
linux | linux | |
linux | linux | |
linux | linux | >= 3.10.48 < 3.11 | 3.11
linux | linux | >= 3.12.25 < 3.13 | 3.13
linux | linux | >= 3.14.12 < 3.15 | 3.15
linux | linux | >= 3.15.5 < 3.16 | 3.16
linux | linux | >= 3.2.61 < 3.3 | 3.3
linux | linux | >= 3.4.98 < 3.5 | 3.5
linux | linux | >= ba15a58b179ed76a7e887177f2b06de12c58ec8f < baaa50c6f91ea5a9c7503af51f2bc50e6568b66b | baaa50c6f91ea5a9c7503af51f2bc50e6568b66b
linux | linux | >= ba15a58b179ed76a7e887177f2b06de12c58ec8f < 22b49d6e4f399a390c70f3034f5fbacbb9413858 | 22b49d6e4f399a390c70f3034f5fbacbb9413858
linux | linux | >= ba15a58b179ed76a7e887177f2b06de12c58ec8f < d17c631ba04e960eb6f8728b10d585de20ac4f71 | d17c631ba04e960eb6f8728b10d585de20ac4f71
linux | linux | >= ba15a58b179ed76a7e887177f2b06de12c58ec8f < 830c03e58beb70b99349760f822e505ecb4eeb7e | 830c03e58beb70b99349760f822e505ecb4eeb7e
linux | linux | >= ba15a58b179ed76a7e887177f2b06de12c58ec8f < ad7adfb95f64a761e4784381e47bee1a362eb30d | ad7adfb95f64a761e4784381e47bee1a362eb30d
linux | linux | >= ba15a58b179ed76a7e887177f2b06de12c58ec8f < 5291ff856d2c5177b4fe9c18828312be30213193 | 5291ff856d2c5177b4fe9c18828312be30213193
linux | linux | >= ba15a58b179ed76a7e887177f2b06de12c58ec8f < b25e11f978b63cb7857890edb3a698599cddb10e | b25e11f978b63cb7857890edb3a698599cddb10e
linux | linux_kernel | |
linux | linux_kernel | |

Detection & IOCs (extracted from sources)

  • CVE-2024-8805 affects BlueZ HID over GATT Profile (HoGP) — monitor for unauthenticated/unauthorized Bluetooth HID over GATT connections from network-adjacent (Bluetooth range) devices, particularly those that do not complete proper authorization before accessing HoGP functionality.
  • Authentication is not required to exploit this vulnerability — treat any unauthenticated Bluetooth HID over GATT pairing/connection attempt as suspicious, especially from previously unknown devices.
  • The vulnerability is network-adjacent (Bluetooth range) — focus detection on Bluetooth interface activity and unexpected HID device registrations on exposed Linux/BlueZ systems.
  • Debian fixed CVE-2024-8805 in kernel 6.1.115-1 (bookworm) and 6.11.4-1 (forky/sid/trixie); bullseye remains open. Red Hat Enterprise Linux 9 (kernel and kernel-rt) is listed as Affected.
  • BlueZ policy for JUST_WORKS pairing can be tuned via bluetoothd configuration (main.conf:JustWorksRepairing). Review this setting as a compensating control while patching.

CVSS provenance

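Source | Version | Score | Severity | Vector
nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd | v3.0 | 8.8 | HIGH | CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
osv | | 8.8 | HIGH |
vendor_debian | | 8.8 | HIGH |
vendor_ubuntu | | 8.8 | HIGH |
vendor_redhat | | 5.5 | MEDIUM |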