CVE-2024-26889
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: hci_core: Fix possible buffer overflow
struct hci_dev_info has a fixed size name[8] field so in the event that hdev->name is bigger than that strcpy would attempt to write past its size, so this fixes this problem by switching to use strscpy.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 194ab82c1ea187512ff2f822124bd05b63fc9f76 < 6d5a9d4a7bcbb7534ce45a18a52e7bd23e69d8ac | affected |
| Linux | Linux | b48595f5b1c6e81e06e164e7d2b7a30b1776161e < 54a03e4ac1a41edf8a5087bd59f8241b0de96d3d | affected |
| Linux | Linux | ffb060b136dd75a033ced0fc0aed2882c02e8b56 < d47e6c1932cee02954ea588c9f09fd5ecefeadfc | affected |
| Linux | Linux | bbec1724519ecd9c468d1186a8f30b7567175bfb < 2e845867b4e279eff0a19ade253390470e07e8a1 | affected |
| Linux | Linux | dcda165706b9fbfd685898d46a6749d7d397e0c0 < a41c8efe659caed0e21422876bbb6b73c15b5244 | affected |
| Linux | Linux | dcda165706b9fbfd685898d46a6749d7d397e0c0 < 8c28598a2c29201d2ba7fc37539a7d41c264fb10 | affected |
| Linux | Linux | dcda165706b9fbfd685898d46a6749d7d397e0c0 < 2edce8e9a99dd5e4404259d52e754fdc97fb42c2 | affected |
| Linux | Linux | dcda165706b9fbfd685898d46a6749d7d397e0c0 < 81137162bfaa7278785b24c1fd2e9e74f082e8e4 | affected |
| Linux | Linux | d9ce7d438366431e5688be98d8680336ce0a0f8d | affected |
| Linux | Linux | a55d53ad5c86aee3f6da50ee73626008997673fa | affected |
| Linux | Linux | 5558f4312dca43cebfb9a1aab3d632be91bbb736 | affected |
| Linux | Linux | 4.19.297 < 4.19.311 | affected |
| Linux | Linux | 5.4.259 < 5.4.273 | affected |
| Linux | Linux | 5.10.199 < 5.10.214 | affected |
| Linux | Linux | 5.15.137 < 5.15.153 | affected |
| Linux | Linux | 4.14.328 < 4.15 | affected |
| Linux | Linux | 6.1.60 < 6.2 | affected |
| Linux | Linux | 6.5.9 < 6.6 | affected |
| Linux | Linux | 6.6 | affected |
| Linux | Linux | 0 < 6.6 | unaffected |
| Linux | Linux | 4.19.311 <= 4.19.* | unaffected |
| Linux | Linux | 5.4.273 <= 5.4.* | unaffected |
| Linux | Linux | 5.10.214 <= 5.10.* | unaffected |
| Linux | Linux | 5.15.153 <= 5.15.* | unaffected |
| Linux | Linux | 6.6.23 <= 6.6.* | unaffected |
| Linux | Linux | 6.7.11 <= 6.7.* | unaffected |
| Linux | Linux | 6.8.2 <= 6.8.* | unaffected |
| Linux | Linux | 6.9 <= * | unaffected |
Weaknesses
ADP Enrichment
CVE Program Container
Additional References
- https://git.kernel.org/stable/c/6d5a9d4a7bcbb7534ce45a18a52e7bd23e69d8ac
- https://git.kernel.org/stable/c/54a03e4ac1a41edf8a5087bd59f8241b0de96d3d
- https://git.kernel.org/stable/c/d47e6c1932cee02954ea588c9f09fd5ecefeadfc
- https://git.kernel.org/stable/c/2e845867b4e279eff0a19ade253390470e07e8a1
- https://git.kernel.org/stable/c/68644bf5ec6baaff40fc39b3529c874bfda709bd
- https://git.kernel.org/stable/c/a41c8efe659caed0e21422876bbb6b73c15b5244
- https://git.kernel.org/stable/c/8c28598a2c29201d2ba7fc37539a7d41c264fb10
- https://git.kernel.org/stable/c/2edce8e9a99dd5e4404259d52e754fdc97fb42c2
- https://git.kernel.org/stable/c/81137162bfaa7278785b24c1fd2e9e74f082e8e4
- https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
- https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
Additional References
References
- https://git.kernel.org/stable/c/6d5a9d4a7bcbb7534ce45a18a52e7bd23e69d8ac
- https://git.kernel.org/stable/c/54a03e4ac1a41edf8a5087bd59f8241b0de96d3d
- https://git.kernel.org/stable/c/d47e6c1932cee02954ea588c9f09fd5ecefeadfc
- https://git.kernel.org/stable/c/2e845867b4e279eff0a19ade253390470e07e8a1
- https://git.kernel.org/stable/c/a41c8efe659caed0e21422876bbb6b73c15b5244
- https://git.kernel.org/stable/c/8c28598a2c29201d2ba7fc37539a7d41c264fb10
- https://git.kernel.org/stable/c/2edce8e9a99dd5e4404259d52e754fdc97fb42c2
- https://git.kernel.org/stable/c/81137162bfaa7278785b24c1fd2e9e74f082e8e4
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.