CVE-2024-36880

Summary

In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: qca: add missing firmware sanity checks

Add the missing sanity checks when parsing the firmware files before downloading them to avoid accessing and corrupting memory beyond the vmalloced buffer.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux83e81961ff7ef75f97756f316caea5aa6bcc19cc < ed53949cc92e28aaa3463d246942bda1fbb7f307affected
LinuxLinux83e81961ff7ef75f97756f316caea5aa6bcc19cc < 1caceadfb50432dbf6d808796cb6c34ebb6d662caffected
LinuxLinux83e81961ff7ef75f97756f316caea5aa6bcc19cc < 427281f9498ed614f9aabc80e46ec077c487da6daffected
LinuxLinux83e81961ff7ef75f97756f316caea5aa6bcc19cc < 02f05ed44b71152d5e11d29be28aed91c0489b4eaffected
LinuxLinux83e81961ff7ef75f97756f316caea5aa6bcc19cc < 2e4edfa1e2bd821a317e7d006517dcf2f3fac68daffected
LinuxLinux4.3affected
LinuxLinux0 < 4.3unaffected
LinuxLinux5.15.159 <= 5.15.*unaffected
LinuxLinux6.1.91 <= 6.1.*unaffected
LinuxLinux6.6.31 <= 6.6.*unaffected
LinuxLinux6.8.10 <= 6.8.*unaffected
LinuxLinux6.9 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References