CVE-2024-24860

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Feb 5, 2024
Updated: Jun 25, 2024
CWE ID 476
CWE ID 362

Summary

CVE-2024-24860 is a newly disclosed vulnerability in the Linux kernel's Bluetooth device driver. The issue lies in the {min,max}_key_size_set() function, where a race condition exists. This condition can lead to a null pointer dereference, potentially causing a kernel panic or denial of service. The vulnerability may be exploited to gain unauthorized access or disrupt system functionality. System administrators are advised to update their Linux kernels to the latest version to mitigate this risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share