PT-2024-1602 · Linux+8 · Linux Kernel+8

Shiloong +1 · Published 2024-02-04 · Updated 2025-02-08 · CVE-2024-24857

CVSS v3.1: 6.8 (Medium)

Vector: AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

A race condition was found in the Linux kernel's net/bluetooth device driver in the conn_info_{min,max}_age_set() function. This can result in an integrity overflow issue, possibly leading to Bluetooth connection abnormality or denial of service. The issue is related to an integer overflow due to concurrent access to a resource, which can be exploited by a remote attacker to impact the integrity of protected information and cause a denial of service.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Integer Overflow

Race Condition

Weakness Enumeration

Related Identifiers

ALSA-2024:8856
ALSA-2024:8870
ALT-PU-2024-10855
AZL-34881
BDU:2024-01193
CESA-2024_8856
CESA-2024_8870
CVE-2024-24857
DLA-3840-1
DLA-3842-1
DSA-5658-1
DSA-5681-1
INFSA-2024_8856
INFSA-2024_8870
INFSA-2024_9315
MGASA-2024-0141
MGASA-2024-0142
OESA-2025-1094
OESA-2025-1095
OESA-2025-1096
RHSA-2024:8856
RHSA-2024:8870
RHSA-2024:9315
RHSA-2024_8856
RHSA-2024_8870
RHSA-2024_9315
RHSA-2025:3215
RLSA-2024:8856
RLSA-2024:8870
USN-6893-1
USN-6893-2
USN-6893-3
USN-6896-1
USN-6896-2
USN-6896-3
USN-6896-4
USN-6896-5
USN-6898-1
USN-6898-2
USN-6898-3
USN-6898-4
USN-6917-1
USN-6918-1
USN-6919-1
USN-6922-1
USN-6922-2
USN-6926-1
USN-6926-2
USN-6926-3
USN-6927-1
USN-6938-1
USN-7019-1

Affected Products

ALT Linux
AlmaLinux
Astra Linux
CentOS
Linux Mint
Linux Kernel
Red Hat
Rocky Linux
Ubuntu