PT-2024-1521 · Linux+3 · Linux Kernel+3

Published: 2024-01-30 · Updated: 2026-03-14 · CVE-2024-21803

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel versions 2.6.12-rc2 through 6.8-rc1

Description

The issue is a Use After Free vulnerability in the Linux kernel's Bluetooth module, specifically in net/bluetooth/af_bluetooth.c. A local attacker can exploit it to execute arbitrary code. The vulnerability is associated with the program file https://gitee.Com/anolis/cloud-kernel/blob/devel-5.10/net/bluetooth/af_bluetooth.C.

Recommendations

For Linux kernel versions 2.6.12-rc2 through 6.8-rc1, update to a version after 6.8-rc1 to resolve the issue. As a temporary workaround, consider disabling the Bluetooth module until a patch is available. Restrict access to the vulnerable Bluetooth code (af_bluetooth.c) to minimize the risk of exploitation.

Fix

Use After Free

Weakness Enumeration

Related Identifiers

ALT-PU-2024-10855
ALT-PU-2024-6002
AZL-34203
AZL-34875
BDU:2024-01034
CVE-2024-21803
ECHO-AEBF-CD88-77B2

Affected Products

Alt Linux
Astra Linux
Debian
Linux Kernel