CVE-2024-35963

Advisory lineage Upstream: 0 Downstream: 31

Downstream

DEBIAN-CVE-2024-35963 DLA-4008-1 RHSA-2025:6966 SUSE-SU-2024:2008-1 SUSE-SU-2024:2019-1 SUSE-SU-2024:2135-1

Modified

Published: 20 May 2024, 09:41

Last modified:11 May 2026, 20:14

Vulnerability Summary

Overall Risk (default)

medium

28/100

CVSS Score

7.1 HIGH

v3.1 (nvd)

EPSS Score

<0.01% LOW

0% probability 0.00%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

20 May 2024, 09:41

Published

Vulnerability first disclosed

11 May 2026, 20:14

Last Modified

Vulnerability information updated

Description

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_sock: Fix not validating setsockopt user input Check user input length before copying data.

CVSS Metrics

v3.1•HIGH•Score: 7.1CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

EPSS Trends

Current EPSS score: 0.01%• Percentile: 1%

Techniques & Countermeasures

CWE-1284•Improper Validation of Specified Quantity in Input
The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties.

Affected Systems

linux•linux
≥ 09572fca7223bcf32c9f0d5e100d8381a81d55f4, < 781f3a97a38a338bc893b6db7f9f9670bf1a9e37 | ≥ 09572fca7223bcf32c9f0d5e100d8381a81d55f4, < 0c18a64039aa3f1c16f208d197c65076da798137 | ≥ 09572fca7223bcf32c9f0d5e100d8381a81d55f4, < 50173882bb187e70e37bac01385b9b114019bee2 | ≥ 09572fca7223bcf32c9f0d5e100d8381a81d55f4, < b2186061d6043d6345a97100460363e990af0d46 | 5.16
linux•linux_kernel
≥ 5.16, < 6.1.113 | ≥ 6.2, < 6.6.55 | ≥ 6.7, < 6.8.7 | 6.9:rc1 | 6.9:rc2 | 6.9:rc3