CVE-2024-38620

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: HCI: Remove HCI_AMP support Since BT_HS has been remove HCI_AMP controllers no longer has any use so remove it along with the capability of creating AMP controllers. Since we no longer need to differentiate between AMP and Primary controllers, as only HCI_PRIMARY is left, this also remove hdev->dev_type altogether.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/5af2e235b0d5b797e9531a00c50058319130e156	Patch
https://git.kernel.org/stable/c/84a4bb6548a29326564f0e659fb8064503ecc1c7	Patch
https://git.kernel.org/stable/c/af1d425b6dc67cd67809f835dd7afb6be4d43e03	Patch
https://git.kernel.org/stable/c/d3c7b012d912b31ad23b9349c0e499d6dddd48ec	Patch
https://git.kernel.org/stable/c/5af2e235b0d5b797e9531a00c50058319130e156	Patch
https://git.kernel.org/stable/c/84a4bb6548a29326564f0e659fb8064503ecc1c7	Patch
https://git.kernel.org/stable/c/af1d425b6dc67cd67809f835dd7afb6be4d43e03	Patch
https://git.kernel.org/stable/c/d3c7b012d912b31ad23b9349c0e499d6dddd48ec	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

History

No history.

Information

Published : 2024-06-20 08:15

Updated : 2025-10-03 16:09

NVD link : CVE-2024-38620

Mitre link : CVE-2024-38620

CVE.ORG link : CVE-2024-38620

JSON object : View

Products Affected

linux

linux_kernel

CWE

NVD-CWE-noinfo

{"id": "CVE-2024-38620", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2024-06-20T08:15:38.377", "references": [{"url": "https://git.kernel.org/stable/c/5af2e235b0d5b797e9531a00c50058319130e156", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/84a4bb6548a29326564f0e659fb8064503ecc1c7", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/af1d425b6dc67cd67809f835dd7afb6be4d43e03", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/d3c7b012d912b31ad23b9349c0e499d6dddd48ec", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/5af2e235b0d5b797e9531a00c50058319130e156", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/84a4bb6548a29326564f0e659fb8064503ecc1c7", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/af1d425b6dc67cd67809f835dd7afb6be4d43e03", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/d3c7b012d912b31ad23b9349c0e499d6dddd48ec", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: HCI: Remove HCI_AMP support\n\nSince BT_HS has been remove HCI_AMP controllers no longer has any use so\nremove it along with the capability of creating AMP controllers.\n\nSince we no longer need to differentiate between AMP and Primary\ncontrollers, as only HCI_PRIMARY is left, this also remove\nhdev->dev_type altogether."}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: Bluetooth: HCI: eliminar la compatibilidad con HCI_AMP Dado que se elimin\u00f3 BT_HS, los controladores HCI_AMP ya no tienen ning\u00fan uso, as\u00ed que elim\u00ednelos junto con la capacidad de crear controladores AMP. Como ya no necesitamos diferenciar entre los controladores AMP y primarios, ya que solo queda HCI_PRIMARY, esto tambi\u00e9n elimina hdev->dev_type por completo."}], "lastModified": "2025-10-03T16:09:01.740", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "69FDB5EB-450C-44B2-882E-8B68A401BA09", "versionEndExcluding": "6.6.33", "versionStartIncluding": "4.3"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "80550309-67AB-4FD1-AC07-3DED5C4F01B2", "versionEndExcluding": "6.8.12", "versionStartIncluding": "6.7"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E07124C1-19E8-4D21-828D-9932A01D3011", "versionEndExcluding": "6.9.3", "versionStartIncluding": "6.9"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}