CVE-2024-22099
Advisory lineage Upstream: 0 Downstream: 50
Modified
Published: 25 Jan 2024, 07:02
Last modified:12 May 2026, 11:43
Vulnerability Summary
Overall Risk (default)
medium
25/100 CVSS Score
6.3 MEDIUM
v3.1 (cve.org)
EPSS Score
0.05% LOW
0% probability 0.00%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
25 Jan 2024, 07:02
Published
Vulnerability first disclosed
12 May 2026, 11:43
Last Modified
Vulnerability information updated
Description
NULL Pointer Dereference vulnerability in Linux Linux kernel kernel on Linux, x86, ARM (net, bluetooth modules) allows Overflow Buffers. This vulnerability is associated with program files /net/bluetooth/rfcomm/core.C. This issue affects Linux kernel: v2.6.12-rc2.
CVSS Metrics
- v3.1•MEDIUM•Score: 6.3CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H
- v3.1•MEDIUM•Score: 5.5CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS Trends
Current EPSS score: 0.05%• Percentile: 17%
Techniques & Countermeasures
- CWE-476•NULL Pointer Dereference
The product dereferences a pointer that it expects to be valid but is NULL.
Affected Systems
- linux•linux_kernel
≥ v2.6.12-rc2, < v6.8-rc1 | 2.6.12:rc2
References (6)
- https://bugzilla.openanolis.cn/show_bug.cgi?id=7956
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IVVYSTEVMPYGF6GDSOD44MUXZXAZHOHB/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSXNF4RLEFLH35BFUQGYXRRVHHUIVBAE/
- https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
- https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html
- https://cert-portal.siemens.com/productcert/html/ssa-265688.html