5.5

CVE-2024-43884

Bluetooth: MGMT: Add error handling to pair_device()

In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: MGMT: Add error handling to pair_device()

hci_conn_params_add() never checks for a NULL value and could lead to a NULL
pointer dereference causing a crash.

Fixed by adding error handling in the function.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 4.3 <= 6.10.6
LinuxLinux Kernel Version6.11 Updaterc1
LinuxLinux Kernel Version6.11 Updaterc2
LinuxLinux Kernel Version6.11 Updaterc3
LinuxLinux Kernel Version6.11 Updaterc4
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.26% 0.175
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://git.kernel.org/stable/c/064dd929c76532359d2905d90a7c12348043cfd4
https://git.kernel.org/stable/c/11b4b0e63f2621b33b2e107407a7d67a65994ca1
https://git.kernel.org/stable/c/538fd3921afac97158d4177139a0ad39f056dbb2
Patch
https://git.kernel.org/stable/c/5da2884292329bc9be32a7778e0e119f06abe503
https://git.kernel.org/stable/c/90e1ff1c15e5a8f3023ca8266e3a85869ed03ee9
https://git.kernel.org/stable/c/951d6cb5eaac5130d076c728f2a6db420621afdb
https://git.kernel.org/stable/c/9df9783bd85610d3d6e126a1aca221531f6f6dcb
https://git.kernel.org/stable/c/ee0799103b1ae4bcfd80dc11a15df085f6ee1b61
https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html
https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html