CVE-2024-36033

Summary

In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: qca: fix info leak when fetching board id

Add the missing sanity check when fetching the board id to avoid leaking slab data when later requesting the firmware.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxc3c1bd421db6187ee455995bfbf1ba16d98f5e6b < a3dff121a7f5104c4c2d47edaa2351837ef645ddaffected
LinuxLinuxad643241d455fdd2516d46cfa54bd0c5e504fc86 < bcccdc947d2ca5972b1e92d0dea10803ddc08cebaffected
LinuxLinuxa381ee26d7c70dbc048cd17c4e0f40619118ff1f < ba307abed5e09759845c735ba036f8c12f55b209affected
LinuxLinuxa7f8dedb4be2cc930a29af24427b885405ecd15d < f30c37cb4549baf8377434892d520fe7769bdba7affected
LinuxLinuxa7f8dedb4be2cc930a29af24427b885405ecd15d < 0adcf6be1445ed50bfd4a451a7a782568f270197affected
LinuxLinux6.7affected
LinuxLinux0 < 6.7unaffected
LinuxLinux6.8.10 <= 6.8.*unaffected
LinuxLinux6.9 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References