CVE-2024-43884

Bluetooth: MGMT: Add error handling to pair_device()

Severity Score

"-"

*CVSS v-

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

MITRE

In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: MGMT: Add error handling to pair_device()

hci_conn_params_add() never checks for a NULL value and could lead to a NULL
pointer dereference causing a crash.

Fixed by adding error handling in the function.

*Credits: N/A

CVSS Scores

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-08-17 CVE Reserved
2024-08-26 CVE Published
2024-08-30 EPSS Updated
2024-09-15 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (9)

URL	Tag	Source
https://git.kernel.org/stable/c/5157b8a503fa834e8569c7fed06981e3d3d53db0	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/11b4b0e63f2621b33b2e107407a7d67a65994ca1	2024-09-04
https://git.kernel.org/stable/c/90e1ff1c15e5a8f3023ca8266e3a85869ed03ee9	2024-09-04
https://git.kernel.org/stable/c/9df9783bd85610d3d6e126a1aca221531f6f6dcb	2024-09-04
https://git.kernel.org/stable/c/951d6cb5eaac5130d076c728f2a6db420621afdb	2024-09-04
https://git.kernel.org/stable/c/5da2884292329bc9be32a7778e0e119f06abe503	2024-08-29
https://git.kernel.org/stable/c/064dd929c76532359d2905d90a7c12348043cfd4	2024-08-29
https://git.kernel.org/stable/c/ee0799103b1ae4bcfd80dc11a15df085f6ee1b61	2024-08-29
https://git.kernel.org/stable/c/538fd3921afac97158d4177139a0ad39f056dbb2	2024-08-15

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.3 < 4.19.321 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.3 < 4.19.321"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.3 < 5.4.283 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.3 < 5.4.283"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.3 < 5.10.225 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.3 < 5.10.225"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.3 < 5.15.166 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.3 < 5.15.166"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.3 < 6.1.107 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.3 < 6.1.107"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.3 < 6.6.48 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.3 < 6.6.48"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.3 < 6.10.7 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.3 < 6.10.7"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.3 < 6.11 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.3 < 6.11"		en		Affected