CVE-2024-43884

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Add error handling to pair_device() hci_conn_params_add() never checks for a NULL value and could lead to a NULL pointer dereference causing a crash. Fixed by adding error handling in the function.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/064dd929c76532359d2905d90a7c12348043cfd4
https://git.kernel.org/stable/c/11b4b0e63f2621b33b2e107407a7d67a65994ca1
https://git.kernel.org/stable/c/538fd3921afac97158d4177139a0ad39f056dbb2	Patch
https://git.kernel.org/stable/c/5da2884292329bc9be32a7778e0e119f06abe503
https://git.kernel.org/stable/c/90e1ff1c15e5a8f3023ca8266e3a85869ed03ee9
https://git.kernel.org/stable/c/951d6cb5eaac5130d076c728f2a6db420621afdb
https://git.kernel.org/stable/c/9df9783bd85610d3d6e126a1aca221531f6f6dcb
https://git.kernel.org/stable/c/ee0799103b1ae4bcfd80dc11a15df085f6ee1b61

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.11:rc1::::::
	cpe:2.3:o:linux:linux_kernel:6.11:rc2::::::
	cpe:2.3:o:linux:linux_kernel:6.11:rc3::::::
	cpe:2.3:o:linux:linux_kernel:6.11:rc4::::::

History

04 Sep 2024, 12:15

Type	Values Removed	Values Added
References		() https://git.kernel.org/stable/c/11b4b0e63f2621b33b2e107407a7d67a65994ca1 - () https://git.kernel.org/stable/c/90e1ff1c15e5a8f3023ca8266e3a85869ed03ee9 - () https://git.kernel.org/stable/c/951d6cb5eaac5130d076c728f2a6db420621afdb - () https://git.kernel.org/stable/c/9df9783bd85610d3d6e126a1aca221531f6f6dcb -

29 Aug 2024, 17:15

Type	Values Removed	Values Added
References		() https://git.kernel.org/stable/c/064dd929c76532359d2905d90a7c12348043cfd4 - () https://git.kernel.org/stable/c/5da2884292329bc9be32a7778e0e119f06abe503 - () https://git.kernel.org/stable/c/ee0799103b1ae4bcfd80dc11a15df085f6ee1b61 -

27 Aug 2024, 14:37

Type	Values Removed	Values Added
Summary		(es) En el kernel de Linux, se resolvió la siguiente vulnerabilidad: Bluetooth: MGMT: agregar manejo de errores a pair_device() hci_conn_params_add() nunca busca un valor NULL y podría provocar una desreferencia del puntero NULL que causa un bloqueo. Se solucionó agregando manejo de errores en la función.
First Time		Linux Linux linux Kernel
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5
CWE		CWE-476
CPE		cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:6.11:rc4:::::: cpe:2.3:o:linux:linux_kernel:6.11:rc2:::::: cpe:2.3:o:linux:linux_kernel:6.11:rc1:::::: cpe:2.3:o:linux:linux_kernel:6.11:rc3::::::
References	~~() https://git.kernel.org/stable/c/538fd3921afac97158d4177139a0ad39f056dbb2 -~~	() https://git.kernel.org/stable/c/538fd3921afac97158d4177139a0ad39f056dbb2 - Patch

26 Aug 2024, 08:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-08-26 08:15

Updated : 2024-09-04 12:15

NVD link : CVE-2024-43884

Mitre link : CVE-2024-43884

CVE.ORG link : CVE-2024-43884

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-476

NULL Pointer Dereference

5.5 /10