CVE-2024-24858

Description

A race condition was found in the Linux kernel's net/bluetooth in {conn,adv}_{min,max}_interval_set() function. This can result in I2cap connection or broadcast abnormality issue, possibly leading to denial of service.

CVSS Metrics

• v3.1•MEDIUM•Score: 4.6CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:H
• v3.1•MEDIUM•Score: 5.3CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Trends

Current EPSS score: 0.03%• Percentile: 7%

Techniques & Countermeasures

• CWE-362•Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

  The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

Affected Systems

• debian•debian_linux

  10.0

• linux•linux_kernel

  ≥ v4.0-rc1, < v6.8-rc2 | ≤ 3.19.8 | ≥ 6.0, ≤ 6.6.25 | ≥ 6.7, ≤ 6.7.12 | 6.8:rc1

References (4)

• https://bugzilla.openanolis.cn/show_bug.cgi?id=8154
• https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
• https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html
• https://cert-portal.siemens.com/productcert/html/ssa-265688.html