CVE-2024-36033

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-36033

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-36033.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-36033

Downstream

BELL-CVE-2024-36033

DEBIAN-CVE-2024-36033

UBUNTU-CVE-2024-36033

USN-6949-1

USN-6949-2

USN-6952-1

USN-6952-2

USN-6955-1

Published

2024-05-30T15:23:48Z

Modified

2025-10-17T06:54:51.000488Z

Summary

Bluetooth: qca: fix info leak when fetching board id

Details

In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: qca: fix info leak when fetching board id

Add the missing sanity check when fetching the board id to avoid leaking slab data when later requesting the firmware.

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

c3c1bd421db6187ee455995bfbf1ba16d98f5e6b

Fixed

a3dff121a7f5104c4c2d47edaa2351837ef645dd

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

ad643241d455fdd2516d46cfa54bd0c5e504fc86

Fixed

bcccdc947d2ca5972b1e92d0dea10803ddc08ceb

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

a381ee26d7c70dbc048cd17c4e0f40619118ff1f

Fixed

ba307abed5e09759845c735ba036f8c12f55b209

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

a7f8dedb4be2cc930a29af24427b885405ecd15d

Fixed

f30c37cb4549baf8377434892d520fe7769bdba7

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

a7f8dedb4be2cc930a29af24427b885405ecd15d

Fixed

0adcf6be1445ed50bfd4a451a7a782568f270197

Affected versions

v6.*

v6.6

v6.6-rc7

v6.7

v6.7-rc1

v6.7-rc2

v6.7-rc3

v6.7-rc4

v6.7-rc5

v6.7-rc6

v6.7-rc7

v6.7-rc8

v6.8

v6.8-rc1

v6.8-rc2

v6.8-rc3

v6.8-rc4

v6.8-rc5

v6.8-rc6

v6.8-rc7

v6.8.1

v6.8.2

v6.8.3

v6.8.4

v6.8.5

v6.8.6

v6.8.7

v6.8.8

v6.8.9

v6.9-rc1

v6.9-rc2

v6.9-rc3

v6.9-rc4

v6.9-rc5

v6.9-rc6

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

6.7.0

Fixed

6.8.10