PT-2024-6561 · Bluez+7
Michael Randrianantenaina · Published 2024-09-17 · Updated 2026-03-14 · CVE-2024-8805
CVSS v3.1: 8.8 (High)
Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
BlueZ versions prior to a currently unspecified fix
Linux kernel versions 6.1 through 6.1.119-1~deb11u1
Linux kernel (Azure) (affected versions not specified)
Linux kernel (AWS) (affected versions not specified)
Linux kernel (OEM) (affected versions not specified)
Linux kernel (HWE) (affected versions not specified)
Description
Multiple vulnerabilities exist in BlueZ and the Linux kernel. A critical vulnerability in BlueZ allows remote code execution because of improper access control in the HID over GATT Profile; no authentication is required for exploitation. In addition, vulnerabilities have been discovered in the Linux kernel that could lead to privilege escalation, denial of service, or information leaks. Debian 11 bullseye has received updates addressing these kernel vulnerabilities, with the fixes included in version 6.1.119-1~deb11u1. The kernel vulnerabilities affect several Linux kernel configurations, including Azure, AWS, OEM, and HWE.
Recommendations
Upgrade BlueZ to the latest available version.
Upgrade the Linux kernel to version 6.1.119-1~deb11u1 on Debian 11 bullseye systems.
Apply available security updates for Linux kernel (Azure), Linux kernel (AWS), Linux kernel (OEM), and Linux kernel (HWE) configurations.
Fix
RCE
Improper Access Control
Affected Products
Alt Linux
Astra Linux
Bluez
Debian
Linuxmint
Red Os
Suse
Ubuntu