{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-46869", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-09-11T15:12:18.294Z", "datePublished": "2024-09-30T15:40:58.466Z", "dateUpdated": "2024-11-05T09:48:10.962Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-05T09:48:10.962Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: btintel_pcie: Allocate memory for driver private data\n\nFix driver not allocating memory for struct btintel_data which is used\nto store internal data."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/bluetooth/btintel_pcie.c"], "versions": [{"version": "6e65a09f9275", "lessThan": "fa9e1c1b1f38", "status": "affected", "versionType": "git"}, {"version": "6e65a09f9275", "lessThan": "2b4545f08cc6", "status": "affected", "versionType": "git"}, {"version": "6e65a09f9275", "lessThan": "7ffaa2002518", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/bluetooth/btintel_pcie.c"], "versions": [{"version": "6.10", "status": "affected"}, {"version": "0", "lessThan": "6.10", "status": "unaffected", "versionType": "semver"}, {"version": "6.10.12", "lessThanOrEqual": "6.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.11.1", "lessThanOrEqual": "6.11.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12-rc1", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/fa9e1c1b1f389a8e6d987ac6cb3e2ba04f8ec875"}, {"url": "https://git.kernel.org/stable/c/2b4545f08cc68d2fc835f5c490b36e0264750030"}, {"url": "https://git.kernel.org/stable/c/7ffaa200251871980af12e57649ad57c70bf0f43"}], "title": "Bluetooth: btintel_pcie: Allocate memory for driver private data", "x_generator": {"engine": "bippy-9e1c9544281a"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-03T13:36:54.865418Z", "id": "CVE-2024-46869", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-03T13:37:08.464Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-46869", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-03T13:36:54.865418Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-03T13:36:58.666Z"}}], "cna": {"title": "Bluetooth: btintel_pcie: Allocate memory for driver private data", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "6e65a09f9275", "lessThan": "fa9e1c1b1f38", "versionType": "git"}, {"status": "affected", "version": "6e65a09f9275", "lessThan": "2b4545f08cc6", "versionType": "git"}, {"status": "affected", "version": "6e65a09f9275", "lessThan": "7ffaa2002518", "versionType": "git"}], "programFiles": ["drivers/bluetooth/btintel_pcie.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "6.10"}, {"status": "unaffected", "version": "0", "lessThan": "6.10", "versionType": "semver"}, {"status": "unaffected", "version": "6.10.12", "versionType": "semver", "lessThanOrEqual": "6.10.*"}, {"status": "unaffected", "version": "6.11.1", "versionType": "semver", "lessThanOrEqual": "6.11.*"}, {"status": "unaffected", "version": "6.12-rc1", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/bluetooth/btintel_pcie.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/fa9e1c1b1f389a8e6d987ac6cb3e2ba04f8ec875"}, {"url": "https://git.kernel.org/stable/c/2b4545f08cc68d2fc835f5c490b36e0264750030"}, {"url": "https://git.kernel.org/stable/c/7ffaa200251871980af12e57649ad57c70bf0f43"}], "x_generator": {"engine": "bippy-9e1c9544281a"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: btintel_pcie: Allocate memory for driver private data\n\nFix driver not allocating memory for struct btintel_data which is used\nto store internal data."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-05T09:48:10.962Z"}}}, "cveMetadata": {"cveId": "CVE-2024-46869", "state": "PUBLISHED", "dateUpdated": "2024-11-05T09:48:10.962Z", "dateReserved": "2024-09-11T15:12:18.294Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-09-30T15:40:58.466Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "8912973F-4008-4CD7-8152-A1159B3D28F0", "versionEndExcluding": "6.10.12", "versionStartIncluding": "6.10", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "0554B051-ED74-4F86-8325-35689910CC6C", "versionEndExcluding": "6.11.1", "versionStartIncluding": "6.11", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: btintel_pcie: Allocate memory for driver private data\n\nFix driver not allocating memory for struct btintel_data which is used\nto store internal data."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: Bluetooth: btintel_pcie: Asignar memoria para datos privados del controlador Se corrige el problema que provoca que el controlador no asigne memoria para la estructura btintel_data que se utiliza para almacenar datos internos."}], "id": "CVE-2024-46869", "lastModified": "2024-11-13T14:15:16.323", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-09-30T16:15:09.200", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/2b4545f08cc68d2fc835f5c490b36e0264750030"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/7ffaa200251871980af12e57649ad57c70bf0f43"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/fa9e1c1b1f389a8e6d987ac6cb3e2ba04f8ec875"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: Bluetooth: btintel_pcie: Allocate memory for driver private data", "id": "2315696", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2315696"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-99", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nBluetooth: btintel_pcie: Allocate memory for driver private data\nFix driver not allocating memory for struct btintel_data which is used\nto store internal data.", "A flaw was found in the Linux kernel\u2019s btintel_pcie driver. This issue is caused by a failure to allocate memory for the btintel_data structure, which stores essential internal driver data for Intel Bluetooth devices, possibly leading to system instability or crashes due to uninitialized memory access."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-46869", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-09-30T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-46869\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-46869\nhttps://lore.kernel.org/linux-cve-announce/2024093004-CVE-2024-46869-8a60@gregkh/T"], "statement": "Red Hat Enterprise Linux is not vulnerable to this CVE, as it does not affect the versions or configurations of the Linux kernel used in its distributions.", "threat_severity": "Moderate"}