VDB

CISA-2024-36032

CISA-2024-36032 PUBLISHED CVSS 2.3 LOW

Reported by Linux · Published May 30, 2024

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: qca: fix info leak when fetching fw build id Add the missing sanity checks and move the 255-byte build-id buffer off the stack to avoid leaking stack data through debugfs in case the build-info reply is malformed.

Risk Scores

CVSS 3.1
2.3
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

Affected Products

VendorProductVersions
LinuxLinuxc0187b0bd3e94c48050687d87b2c3c9fbae98ae9, c0187b0bd3e94c48050687d87b2c3c9fbae98ae9, c0187b0bd3e94c48050687d87b2c3c9fbae98ae9
LinuxLinux5.12, 0, 5.15.162
LinuxLinux*, c0187b0bd3e94c48050687d87b2c3c9fbae98ae9, c0187b0bd3e94c48050687d87b2c3c9fbae98ae9
linuxlinux_kernel5.12, 5.12, 5.12

Timeline

  • May 30, 2024 CVE Published
  • May 4, 2025 CVE Updated

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›