Improper locking in Linux kernel bluetooth
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2024-53207 |
| CWE-ID | CWE-667 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
Linux kernel Operating systems & Components / Operating system |
| Vendor | Linux Foundation |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Improper locking
EUVDB-ID: #VU102176
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53207
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the mgmt_set_discoverable_complete(), mgmt_set_connectable_complete(), set_ssp_complete(), set_name_complete(), set_default_phy_complete(), start_discovery_complete(), stop_discovery_complete() and read_local_oob_ext_data_complete() functions in net/bluetooth/mgmt.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsLinux kernel: All versions
CPE2.3 External linkshttps://git.kernel.org/stable/c/5703fb1d85f653e35b327b14de4db7da239e4fd9
https://git.kernel.org/stable/c/6a25ce9b4af6dc26ee2b9c32d6bd37620bf9739e
https://git.kernel.org/stable/c/a66dfaf18fd61bb75ef8cee83db46b2aadf153d0
https://git.kernel.org/stable/c/c3f594a3473d6429a0bcf2004cb2885368741b79
https://git.kernel.org/stable/c/cac34e44281f1f1bd842adbbcfe3ef9ff0905111
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
