CVE-2024-8805
Public on 2024-09-27
Modified on 2024-10-21
Description
BlueZ HID over GATT Profile Improper Access Control Remote Code Execution Vulnerability
NOTE: https://www.zerodayinitiative.com/advisories/ZDI-24-1229/
NOTE: https://patchwork.kernel.org/project/bluetooth/patch/20240912204458.3037144-1-luiz.dentz@gmail.com/
NOTE: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=41f943630d9a03c40e95057b2ac3d96470b9c71e
DEBIANBUG: [1082849]
NOTE: https://www.zerodayinitiative.com/advisories/ZDI-24-1229/
NOTE: https://patchwork.kernel.org/project/bluetooth/patch/20240912204458.3037144-1-luiz.dentz@gmail.com/
NOTE: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=41f943630d9a03c40e95057b2ac3d96470b9c71e
DEBIANBUG: [1082849]
Severity
Medium
CVSS v3 Base Score
See breakdown
Affected Packages
| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| Amazon Linux 1 | kernel | Not Affected | ||
| Amazon Linux 2 - Core | kernel | Not Affected | ||
| Amazon Linux 2 - Kernel-5.10 Extra | kernel | Not Affected | ||
| Amazon Linux 2 - Kernel-5.15 Extra | kernel | Not Affected | ||
| Amazon Linux 2 - Kernel-5.4 Extra | kernel | Not Affected | ||
| Amazon Linux 2023 | kernel | Not Affected |
CVSS Scores
| Score Type | Score | Vector | |
|---|---|---|---|
| Amazon Linux | CVSSv3 | 4.3 | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |