CVE-2024-27416 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_event: Fix handling of HCI_EV_IO_CAPA_REQUEST If we received HCI_EV_IO_CAPA_REQUEST while HCI_OP_READ_REMOTE_EXT_FEATURES is yet to be responded assume the remote does support SSP since otherwise this event shouldn't be generated.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00061.

Exploitation none

Automatable no

Technical Impact partial

No data.

References

Link	Providers
https://git.kernel.org/stable/c/30a5e812f78e3d1cced90e1ed750bf027599205f
https://git.kernel.org/stable/c/79820a7e1e057120c49be07cbe10643d0706b259
https://git.kernel.org/stable/c/7e74aa53a68bf60f6019bd5d9a9a1406ec4d4865
https://git.kernel.org/stable/c/8e2758cc25891d2b76717aaf89b40ed215de188c
https://git.kernel.org/stable/c/afec8f772296dd8e5a2a6f83bbf99db1b9ca877f
https://git.kernel.org/stable/c/c3df637266df29edee85e94cab5fd7041e5753ba
https://git.kernel.org/stable/c/df193568d61234c81de7ed4d540c01975de60277
https://git.kernel.org/stable/c/fba268ac36ab19f9763ff90d276cde0ce6cd5f31
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html
https://lore.kernel.org/linux-cve-announce/2024051703-CVE-2024-27416-f368@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2024-27416
https://www.cve.org/CVERecord?id=CVE-2024-27416

History

Fri, 22 Nov 2024 12:00:00 +0000

Type	Values Removed	Values Added
References		https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html

Wed, 06 Nov 2024 20:15:00 +0000

Type	Values Removed	Values Added
References	https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-05-17T11:51:04.270Z

Updated: 2025-05-04T12:55:43.652Z

Reserved: 2024-02-25T13:47:42.682Z

Link: CVE-2024-27416

Vulnrichment

Updated: 2024-08-02T00:34:52.342Z

NVD

Status : Awaiting Analysis

Published: 2024-05-17T12:15:13.070

Modified: 2024-11-21T09:04:34.783

Link: CVE-2024-27416

Redhat

Severity : Moderate

Publid Date: 2024-05-17T00:00:00Z

Links: CVE-2024-27416 - Bugzilla

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object