CVE-2024-24857 MEDIUM

CVE-2024-24857: Race condition vulnerability in Linux kernel bluetooth in conn_info_{min,max}_age_set()

Vendor Linux
Product Linux kernel
Weakness CWE-362
Published February 5, 2024
Last update May 12, 2026

CVSS base score

4.6/10
Attack vector Adjacent
Attack complexity High
Privileges required High
User interaction Required
Confidentiality None
Integrity High

CVSS vector

CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:L

What the vulnerability does

01 Description

A race condition was found in the conn_info_{min,max}_age_set() functions of the Linux kernel's net/bluetooth device driver. This can result in an integrity overflow issue, possibly leading to Bluetooth connection abnormality or denial of service.

Key dates

02 Disclosure timeline

February 5, 2024 CVE published
May 12, 2026 Record updated