CVE-2024-53144

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-53144
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_event: Align BR/EDR JUST_WORKS paring with LE This aligned BR/EDR JUST_WORKS method with LE which since 92516cd97fd4 ("Bluetooth: Always request for user confirmation for Just Works") always request user confirmation with confirm_hint set since the likes of bluetoothd have dedicated policy around JUST_WORKS method (e.g. main.conf:JustWorksRepairing). CVE: CVE-2024-8805

5.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://git.kernel.org/stable/c/22b49d6e4f399a390c70f3034f5fbacbb9413858 Patch
https://git.kernel.org/stable/c/5291ff856d2c5177b4fe9c18828312be30213193 Patch
https://git.kernel.org/stable/c/830c03e58beb70b99349760f822e505ecb4eeb7e Patch
https://git.kernel.org/stable/c/ad7adfb95f64a761e4784381e47bee1a362eb30d Patch
https://git.kernel.org/stable/c/b25e11f978b63cb7857890edb3a698599cddb10e Patch
https://git.kernel.org/stable/c/baaa50c6f91ea5a9c7503af51f2bc50e6568b66b Patch
https://git.kernel.org/stable/c/d17c631ba04e960eb6f8728b10d585de20ac4f71 Patch
https://www.zerodayinitiative.com/advisories/ZDI-24-1229/ Third Party Advisory
https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.16:-:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.16:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.16:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.16:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.16:rc6:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.16:rc7:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*
History

No history.

Information

Published : 2024-12-17 16:15

Updated : 2025-11-03 23:17

NVD link : CVE-2024-53144

Mitre link : CVE-2024-53144

CVE.ORG link : CVE-2024-53144

JSON object : View

Products Affected

linux

  • linux_kernel
CWE
NVD-CWE-noinfo