7.1

CVE-2024-35963

Bluetooth: hci_sock: Fix not validating setsockopt user input

In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: hci_sock: Fix not validating setsockopt user input

Check user input length before copying data.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 5.16 < 6.1.113
LinuxLinux Kernel Version >= 6.2 < 6.6.55
LinuxLinux Kernel Version >= 6.7 < 6.8.7
LinuxLinux Kernel Version6.9 Updaterc1
LinuxLinux Kernel Version6.9 Updaterc2
LinuxLinux Kernel Version6.9 Updaterc3
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.24% 0.146
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.1 1.8 5.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
CWE-1284 Improper Validation of Specified Quantity in Input

The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties.

https://git.kernel.org/stable/c/0c18a64039aa3f1c16f208d197c65076da798137
Patch
https://git.kernel.org/stable/c/50173882bb187e70e37bac01385b9b114019bee2
Patch
https://git.kernel.org/stable/c/781f3a97a38a338bc893b6db7f9f9670bf1a9e37
Patch
https://git.kernel.org/stable/c/b2186061d6043d6345a97100460363e990af0d46
Patch
https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html