7.1

CVE-2024-35965

Bluetooth: L2CAP: Fix not validating setsockopt user input

In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: L2CAP: Fix not validating setsockopt user input

Check user input length before copying data.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 2.6.39 < 5.10.227
LinuxLinux Kernel Version >= 5.11 < 6.1.87
LinuxLinux Kernel Version >= 6.2 < 6.6.55
LinuxLinux Kernel Version >= 6.7 < 6.8.7
LinuxLinux Kernel Version6.9 Updaterc1
LinuxLinux Kernel Version6.9 Updaterc2
LinuxLinux Kernel Version6.9 Updaterc3
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.24% 0.147
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.1 1.8 5.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
CWE-1284 Improper Validation of Specified Quantity in Input

The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties.

https://git.kernel.org/stable/c/28234f8ab69c522ba447f3e041bbfbb284c5959a
Patch
https://git.kernel.org/stable/c/4f3951242ace5efc7131932e2e01e6ac6baed846
Patch
https://git.kernel.org/stable/c/8ee0c132a61df9723813c40e742dc5321824daa9
Patch
https://git.kernel.org/stable/c/9d42f373391211c7c8af66a3a316533a32b8a607
Patch
https://git.kernel.org/stable/c/f13b04cf65a86507ff15a9bbf37969d25be3e2a0
Patch
https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html
https://cert-portal.siemens.com/productcert/html/ssa-265688.html