{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-21803", "assignerOrgId": "cb8f1db9-b4b1-487b-a760-f65c4f368d8e", "state": "PUBLISHED", "assignerShortName": "Anolis", "dateReserved": "2024-01-15T09:44:45.561Z", "datePublished": "2024-01-30T07:15:33.276Z", "dateUpdated": "2025-05-29T15:05:53.669Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://kernel.org/", "defaultStatus": "unaffected", "modules": ["bluetooth"], "packageName": "kernel", "platforms": ["Linux", "x86", "ARM"], "product": "Linux kernel", "programFiles": ["https://gitee.com/anolis/cloud-kernel/blob/devel-5.10/net/bluetooth/af_bluetooth.c"], "repo": "https://gitee.com/anolis/cloud-kernel.git", "vendor": "Linux", "versions": [{"lessThan": "v6.8-rc1", "status": "affected", "version": "v2.6.12-rc2", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "\u80e1\u5b87\u8f69 <yuxuanhu@buaa.edu.cn>"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Use After Free vulnerability in Linux Linux kernel kernel on Linux, x86, ARM (bluetooth modules) allows Local Execution of Code.<p> This vulnerability is associated with program files <tt>https://gitee.Com/anolis/cloud-kernel/blob/devel-5.10/net/bluetooth/af_bluetooth.C</tt>.</p><p>This issue affects Linux kernel: from v2.6.12-rc2 before v6.8-rc1.</p>"}], "value": "Use After Free vulnerability in Linux Linux kernel kernel on Linux, x86, ARM (bluetooth modules) allows Local Execution of Code. This vulnerability is associated with program files https://gitee.Com/anolis/cloud-kernel/blob/devel-5.10/net/bluetooth/af_bluetooth.C.\n\nThis issue affects Linux kernel: from v2.6.12-rc2 before v6.8-rc1.\n\n"}], "impacts": [{"capecId": "CAPEC-549", "descriptions": [{"lang": "en", "value": "CAPEC-549 Local Execution of Code"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-416", "description": "CWE-416 Use After Free", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "cb8f1db9-b4b1-487b-a760-f65c4f368d8e", "shortName": "Anolis", "dateUpdated": "2024-01-30T07:15:33.276Z"}, "references": [{"url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=8081"}], "source": {"discovery": "INTERNAL"}, "title": "Possible UAF in bt_accept_poll in Linux kernel", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T22:27:36.292Z"}, "title": "CVE Program Container", "references": [{"url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=8081", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-05-08T19:08:48.634204Z", "id": "CVE-2024-21803", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-29T15:05:53.669Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=8081", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T22:27:36.292Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-21803", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-05-08T19:08:48.634204Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-08T19:08:50.540Z"}}], "cna": {"title": "Possible UAF in bt_accept_poll in Linux kernel", "source": {"discovery": "INTERNAL"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "\u80e1\u5b87\u8f69 <yuxuanhu@buaa.edu.cn>"}], "impacts": [{"capecId": "CAPEC-549", "descriptions": [{"lang": "en", "value": "CAPEC-549 Local Execution of Code"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 3.5, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"repo": "https://gitee.com/anolis/cloud-kernel.git", "vendor": "Linux", "modules": ["bluetooth"], "product": "Linux kernel", "versions": [{"status": "affected", "version": "v2.6.12-rc2", "lessThan": "v6.8-rc1", "versionType": "custom"}], "platforms": ["Linux", "x86", "ARM"], "packageName": "kernel", "programFiles": ["https://gitee.com/anolis/cloud-kernel/blob/devel-5.10/net/bluetooth/af_bluetooth.c"], "collectionURL": "https://kernel.org/", "defaultStatus": "unaffected"}], "references": [{"url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=8081"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Use After Free vulnerability in Linux Linux kernel kernel on Linux, x86, ARM (bluetooth modules) allows Local Execution of Code. This vulnerability is associated with program files https://gitee.Com/anolis/cloud-kernel/blob/devel-5.10/net/bluetooth/af_bluetooth.C.\n\nThis issue affects Linux kernel: from v2.6.12-rc2 before v6.8-rc1.\n\n", "supportingMedia": [{"type": "text/html", "value": "Use After Free vulnerability in Linux Linux kernel kernel on Linux, x86, ARM (bluetooth modules) allows Local Execution of Code.<p> This vulnerability is associated with program files <tt>https://gitee.Com/anolis/cloud-kernel/blob/devel-5.10/net/bluetooth/af_bluetooth.C</tt>.</p><p>This issue affects Linux kernel: from v2.6.12-rc2 before v6.8-rc1.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-416", "description": "CWE-416 Use After Free"}]}], "providerMetadata": {"orgId": "cb8f1db9-b4b1-487b-a760-f65c4f368d8e", "shortName": "Anolis", "dateUpdated": "2024-01-30T07:15:33.276Z"}}}, "cveMetadata": {"cveId": "CVE-2024-21803", "state": "PUBLISHED", "dateUpdated": "2025-05-29T15:05:53.669Z", "dateReserved": "2024-01-15T09:44:45.561Z", "assignerOrgId": "cb8f1db9-b4b1-487b-a760-f65c4f368d8e", "datePublished": "2024-01-30T07:15:33.276Z", "assignerShortName": "Anolis"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "CF30E1D1-BEA0-4EBA-B7EF-AD7F8F1F3CDD", "versionEndIncluding": "6.6.8", "versionStartIncluding": "2.6.12.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.12:rc2:*:*:*:*:*:*", "matchCriteriaId": "4F76C298-81DC-43E4-8FC9-DC005A2116EF", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.12:rc3:*:*:*:*:*:*", "matchCriteriaId": "0AB349B2-3F78-4197-882B-90ADB3BF645A", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.12:rc4:*:*:*:*:*:*", "matchCriteriaId": "6AC88830-A9BC-4607-B572-A4B502FC9FD0", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.12:rc5:*:*:*:*:*:*", "matchCriteriaId": "476CB3A5-D022-4F13-AAEF-CB6A5785516A", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.12:rc6:*:*:*:*:*:*", "matchCriteriaId": "8CFD5CDD-1709-44C7-82BD-BAFDC46990D6", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.7:rc1:*:*:*:*:*:*", "matchCriteriaId": "3A0038DE-E183-4958-A6E3-CE3821FEAFBF", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.7:rc2:*:*:*:*:*:*", "matchCriteriaId": "E31AD4FC-436C-44AB-BCAB-3A0B37F69EE0", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.7:rc3:*:*:*:*:*:*", "matchCriteriaId": "C56C6E04-4F04-44A3-8DB8-93899903CFCF", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.7:rc4:*:*:*:*:*:*", "matchCriteriaId": "5C78EDA4-8BE6-42FC-9512-49032D525A55", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.7:rc5:*:*:*:*:*:*", "matchCriteriaId": "32F2E5CA-13C6-4601-B530-D465CBF73D1C", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.7:rc6:*:*:*:*:*:*", "matchCriteriaId": "5ED5AF93-F831-48BC-9545-CCB344E814FC", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Use After Free vulnerability in Linux Linux kernel kernel on Linux, x86, ARM (bluetooth modules) allows Local Execution of Code. This vulnerability is associated with program files https://gitee.Com/anolis/cloud-kernel/blob/devel-5.10/net/bluetooth/af_bluetooth.C.\n\nThis issue affects Linux kernel: from v2.6.12-rc2 before v6.8-rc1.\n\n"}, {"lang": "es", "value": "Vulnerabilidad de Use After Free en El kernel de Linux en Linux, x86, ARM (m\u00f3dulos bluetooth) permite la ejecuci\u00f3n local de c\u00f3digo. Esta vulnerabilidad est\u00e1 asociada con archivos de programa https://gitee.Com/anolis/cloud-kernel/blob/devel-5.10/net/bluetooth/af_bluetooth.C. Este problema afecta al kernel de Linux: desde v2.6.12-rc2 antes de v6.8-rc1."}], "id": "CVE-2024-21803", "lastModified": "2025-08-15T20:31:42.717", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "security@openanolis.org", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-01-30T08:15:41.373", "references": [{"source": "security@openanolis.org", "tags": ["Issue Tracking", "Permissions Required"], "url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=8081"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Permissions Required"], "url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=8081"}], "sourceIdentifier": "security@openanolis.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "security@openanolis.org", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-416"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: bluetooth: use-after-free vulnerability in af_bluetooth.c", "id": "2261903", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2261903"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.0", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-416", "details": ["Use After Free vulnerability in Linux Linux kernel kernel on Linux, x86, ARM (bluetooth modules) allows Local Execution of Code. This vulnerability is associated with program files https://gitee.Com/anolis/cloud-kernel/blob/devel-5.10/net/bluetooth/af_bluetooth.C.\nThis issue affects Linux kernel: from v2.6.12-rc2 before v6.8-rc1.", "NVD describes an after-free vulnerability found in the Linux kernel in the Linux x86 ARM Bluetooth module that allows local code execution. This vulnerability is associated with the program file, https://gitee.Com/anolis/cloud-kernel/blob/devel-5.10/net/bluetooth/af_bluetooth.C. This issue affects the Linux kernel in versions v6.8-rc1 through v2.6.12-rc2."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-21803", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-01-30T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-21803\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-21803"], "statement": "Red Hat Enterprise Linux not affected (all versions).", "threat_severity": "Moderate"}

{}