CVE-2024-35963

Summary

In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: hci_sock: Fix not validating setsockopt user input

Check user input length before copying data.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux09572fca7223bcf32c9f0d5e100d8381a81d55f4 < 781f3a97a38a338bc893b6db7f9f9670bf1a9e37affected
LinuxLinux09572fca7223bcf32c9f0d5e100d8381a81d55f4 < 0c18a64039aa3f1c16f208d197c65076da798137affected
LinuxLinux09572fca7223bcf32c9f0d5e100d8381a81d55f4 < 50173882bb187e70e37bac01385b9b114019bee2affected
LinuxLinux09572fca7223bcf32c9f0d5e100d8381a81d55f4 < b2186061d6043d6345a97100460363e990af0d46affected
LinuxLinux5.16affected
LinuxLinux0 < 5.16unaffected
LinuxLinux6.1.113 <= 6.1.*unaffected
LinuxLinux6.6.55 <= 6.6.*unaffected
LinuxLinux6.8.7 <= 6.8.*unaffected
LinuxLinux6.9 <= *unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References