CVE-2024-35964

Advisory lineage Upstream: 0 Downstream: 17

Downstream

DEBIAN-CVE-2024-35964 DLA-4008-1 DSA-5818-1 RHSA-2025:6966 SUSE-SU-2024:2008-1 SUSE-SU-2024:2019-1

Modified

Published: 20 May 2024, 09:41

Last modified:11 May 2026, 20:14

Vulnerability Summary

Overall Risk (default)

medium

28/100

CVSS Score

7.1 HIGH

v3.1 (nvd)

EPSS Score

<0.01% LOW

0% probability 0.00%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

20 May 2024, 09:41

Published

Vulnerability first disclosed

11 May 2026, 20:14

Last Modified

Vulnerability information updated

Description

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: ISO: Fix not validating setsockopt user input Check user input length before copying data.

CVSS Metrics

v3.1•HIGH•Score: 7.1CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

EPSS Trends

Current EPSS score: 0.01%• Percentile: 1%

Techniques & Countermeasures

CWE-1284•Improper Validation of Specified Quantity in Input
The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties.

Affected Systems

linux•linux
≥ ccf74f2390d60a2f9a75ef496d2564abb478f46a, < cec736e60dc18d91b88af28d96664bff284b02d1 | ≥ ccf74f2390d60a2f9a75ef496d2564abb478f46a, < 6a6baa1ee7a9df33adbf932305053520b9741b35 | ≥ ccf74f2390d60a2f9a75ef496d2564abb478f46a, < 0c4a89f4690478969729c7ba5f69d53d8516aa12 | ≥ ccf74f2390d60a2f9a75ef496d2564abb478f46a, < 9e8742cdfc4b0e65266bb4a901a19462bda9285e | 6.0
linux•linux_kernel
≥ 6.0, < 6.1.119 | ≥ 6.2, < 6.6.55 | ≥ 6.7, < 6.8.7 | 6.9:rc1 | 6.9:rc2 | 6.9:rc3