PT-2024-6362 · Linux+4 · Linux Kernel+4

Published: 2024-05-14 · Updated: 2026-03-14 · CVE-2024-38620

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)

Description: The vulnerability is related to the removal of HCI AMP support in the Linux kernel's Bluetooth HCI component. Since BT_HS has been removed, HCI AMP controllers no longer have any use, and their removal also eliminates the capability of creating AMP controllers. As a result, the differentiation between AMP and Primary controllers is no longer needed, and the hdev->dev_type variable has been removed. The issue is associated with incorrect input validation, which could allow an attacker to cause a denial of service.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

RCE

Weakness Enumeration

Related Identifiers

AZL-68108
BDU:2024-07403
CVE-2024-38620
ECHO-517C-7B45-2C54
MGASA-2024-0263
MGASA-2024-0266
OESA-2024-1863
USN-6949-1
USN-6949-2
USN-6952-1
USN-6952-2
USN-6955-1

Affected Products

Debian
Linuxmint
Linux Kernel
Red Os
Ubuntu