7.1

CVE-2024-36033

Bluetooth: qca: fix info leak when fetching board id

In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: qca: fix info leak when fetching board id

Add the missing sanity check when fetching the board id to avoid leaking
slab data when later requesting the firmware.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 6.7 < 6.8.10
LinuxLinux Kernel Version6.9 Updaterc1
LinuxLinux Kernel Version6.9 Updaterc2
LinuxLinux Kernel Version6.9 Updaterc3
LinuxLinux Kernel Version6.9 Updaterc4
LinuxLinux Kernel Version6.9 Updaterc5
LinuxLinux Kernel Version6.9 Updaterc6
LinuxLinux Kernel Version6.9 Updaterc7
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.25% 0.158
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.1 1.8 5.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
CWE-668 Exposure of Resource to Wrong Sphere

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

https://git.kernel.org/stable/c/0adcf6be1445ed50bfd4a451a7a782568f270197
Patch
https://git.kernel.org/stable/c/a3dff121a7f5104c4c2d47edaa2351837ef645dd
Patch
https://git.kernel.org/stable/c/ba307abed5e09759845c735ba036f8c12f55b209
Patch
https://git.kernel.org/stable/c/bcccdc947d2ca5972b1e92d0dea10803ddc08ceb
Patch
https://git.kernel.org/stable/c/f30c37cb4549baf8377434892d520fe7769bdba7
Patch