5.5

CVE-2024-26889

Bluetooth: hci_core: Fix possible buffer overflow

In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: hci_core: Fix possible buffer overflow

struct hci_dev_info has a fixed size name[8] field so in the event that
hdev->name is bigger than that strcpy would attempt to write past its
size, so this fixes this problem by switching to use strscpy.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 4.14.328 < 4.15
LinuxLinux Kernel Version >= 4.19.297 < 4.19.311
LinuxLinux Kernel Version >= 5.4.259 < 5.4.273
LinuxLinux Kernel Version >= 5.10.199 < 5.10.214
LinuxLinux Kernel Version >= 5.15.137 < 5.15.153
LinuxLinux Kernel Version >= 6.1.60 < 6.1.83
LinuxLinux Kernel Version >= 6.5.9 < 6.6.23
LinuxLinux Kernel Version >= 6.7 < 6.7.11
LinuxLinux Kernel Version >= 6.8 < 6.8.2
DebianDebian Linux Version10.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.27% 0.185
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.

https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
Third Party Advisory
Mailing List
https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html
Third Party Advisory
Mailing List
https://git.kernel.org/stable/c/2e845867b4e279eff0a19ade253390470e07e8a1
Patch
https://git.kernel.org/stable/c/2edce8e9a99dd5e4404259d52e754fdc97fb42c2
Patch
https://git.kernel.org/stable/c/54a03e4ac1a41edf8a5087bd59f8241b0de96d3d
Patch
https://git.kernel.org/stable/c/6d5a9d4a7bcbb7534ce45a18a52e7bd23e69d8ac
Patch
https://git.kernel.org/stable/c/81137162bfaa7278785b24c1fd2e9e74f082e8e4
Patch
https://git.kernel.org/stable/c/8c28598a2c29201d2ba7fc37539a7d41c264fb10
Patch
https://git.kernel.org/stable/c/a41c8efe659caed0e21422876bbb6b73c15b5244
Patch
https://git.kernel.org/stable/c/d47e6c1932cee02954ea588c9f09fd5ecefeadfc
Patch
https://git.kernel.org/stable/c/68644bf5ec6baaff40fc39b3529c874bfda709bd
Patch
https://cert-portal.siemens.com/productcert/html/ssa-265688.html