CVE-2024-24859

Advisory lineage Upstream: 0 Downstream: 26
Modified
Published: 05 Feb 2024, 07:28
Last modified:12 May 2026, 11:49

Vulnerability Summary

Overall Risk (default)
low
19/100
CVSS Score
4.8 MEDIUM
v3.1 (nvd)
EPSS Score
<0.01% LOW
0% probability 0.00%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

05 Feb 2024, 07:28
Published
Vulnerability first disclosed
12 May 2026, 11:49
Last Modified
Vulnerability information updated

Description

A race condition was found in the Linux kernel's net/bluetooth in sniff_{min,max}_interval_set() function. This can result in a bluetooth sniffing exception issue, possibly leading denial of service.

CVSS Metrics

  • v3.1MEDIUMScore: 4.6CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:H
  • v3.1MEDIUMScore: 4.8CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS Trends

Current EPSS score: 0.01% Percentile: 1%

Techniques & Countermeasures

  • CWE-362Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

    The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

Affected Systems

  • linuxlinux_kernel

    ≥ v4.0-rc1, < v6.8-rc2 | ≤ 3.19.8 | ≥ 6.0, ≤ 6.7.2 | 6.8:rc1

References (2)