Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2024-53144

Опубликовано: 17 дек. 2024
Источник: redhat
CVSS3: 5.5
EPSS Низкий

Описание

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_event: Align BR/EDR JUST_WORKS paring with LE This aligned BR/EDR JUST_WORKS method with LE which since 92516cd97fd4 ("Bluetooth: Always request for user confirmation for Just Works") always request user confirmation with confirm_hint set since the likes of bluetoothd have dedicated policy around JUST_WORKS method (e.g. main.conf:JustWorksRepairing). CVE: CVE-2024-8805

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6kernelOut of support scope
Red Hat Enterprise Linux 7kernelOut of support scope
Red Hat Enterprise Linux 7kernel-rtOut of support scope
Red Hat Enterprise Linux 8kernelOut of support scope
Red Hat Enterprise Linux 8kernel-rtOut of support scope
Red Hat Enterprise Linux 9kernelAffected
Red Hat Enterprise Linux 9kernel-rtAffected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-20
https://bugzilla.redhat.com/show_bug.cgi?id=2332853kernel: Bluetooth: hci_event: Align BR/EDR JUST_WORKS paring with LE

EPSS

Процентиль: 10%
0.00034
Низкий

5.5 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2024-53144

CVSS3: 5.5
ubuntu
около 1 года назад

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_event: Align BR/EDR JUST_WORKS paring with LE This aligned BR/EDR JUST_WORKS method with LE which since 92516cd97fd4 ("Bluetooth: Always request for user confirmation for Just Works") always request user confirmation with confirm_hint set since the likes of bluetoothd have dedicated policy around JUST_WORKS method (e.g. main.conf:JustWorksRepairing). CVE: CVE-2024-8805

nvd логотип

CVE-2024-53144

CVSS3: 5.5
nvd
около 1 года назад

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_event: Align BR/EDR JUST_WORKS paring with LE This aligned BR/EDR JUST_WORKS method with LE which since 92516cd97fd4 ("Bluetooth: Always request for user confirmation for Just Works") always request user confirmation with confirm_hint set since the likes of bluetoothd have dedicated policy around JUST_WORKS method (e.g. main.conf:JustWorksRepairing). CVE: CVE-2024-8805

debian логотип

CVE-2024-53144

CVSS3: 5.5
debian
около 1 года назад

In the Linux kernel, the following vulnerability has been resolved: B ...

github логотип

GHSA-hjq7-734v-xhcw

CVSS3: 5.5
github
около 1 года назад

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_event: Align BR/EDR JUST_WORKS paring with LE This aligned BR/EDR JUST_WORKS method with LE which since 92516cd97fd4 ("Bluetooth: Always request for user confirmation for Just Works") always request user confirmation with confirm_hint set since the likes of bluetoothd have dedicated policy around JUST_WORKS method (e.g. main.conf:JustWorksRepairing). CVE: CVE-2024-8805

fstec логотип

BDU:2025-00151

CVSS3: 7.5
fstec
больше 1 года назад

Уязвимость функции hci_user_confirm_request_evt() в модуле net/bluetooth/hci_event.c ядра операционной системы Linux, позволяющая нарушителю оказать воздействие на конфиденциальность защищаемой информации

EPSS

Процентиль: 10%
0.00034
Низкий

5.5 Medium

CVSS3