VDB
CISA-2024-36032
CISA-2024-36032
PUBLISHED
CVSS 2.3 LOW
Reported by Linux · Published May 30, 2024
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: qca: fix info leak when fetching fw build id Add the missing sanity checks and move the 255-byte build-id buffer off the stack to avoid leaking stack data through debugfs in case the build-info reply is malformed.
Risk Scores
CVSS 3.1
2.3
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux | c0187b0bd3e94c48050687d87b2c3c9fbae98ae9, c0187b0bd3e94c48050687d87b2c3c9fbae98ae9, c0187b0bd3e94c48050687d87b2c3c9fbae98ae9 |
| Linux | Linux | 5.12, 0, 5.15.162 |
| Linux | Linux | *, c0187b0bd3e94c48050687d87b2c3c9fbae98ae9, c0187b0bd3e94c48050687d87b2c3c9fbae98ae9 |
| linux | linux_kernel | 5.12, 5.12, 5.12 |
Timeline
- May 30, 2024 CVE Published
- May 4, 2025 CVE Updated