CVE-2024-36032
- Source
- https://cve.org/CVERecord?id=CVE-2024-36032
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-36032.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2024-36032
- Downstream
- Related
- Published
- 2024-05-30T15:23:47.423Z
- Modified
- 2026-05-28T03:55:03.566105032Z
- Severity
-
- 2.3 (Low) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
- Summary
- Bluetooth: qca: fix info leak when fetching fw build id
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: qca: fix info leak when fetching fw build id
Add the missing sanity checks and move the 255-byte build-id buffer off the stack to avoid leaking stack data through debugfs in case the build-info reply is malformed.
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/36xxx/CVE-2024-36032.json", "cna_assigner": "Linux" }- References
-
- https://git.kernel.org/stable/c/57062aa13e87b1a78a4a8f6cb5fab6ba24f5f488
- https://git.kernel.org/stable/c/62d5550ab62042dcceaf18844d0feadbb962cffe
- https://git.kernel.org/stable/c/6b63e0ef4d3ce0080395e5091fba2023f246c45a
- https://git.kernel.org/stable/c/a571044cc0a0c944e7c12237b6768aeedd7480e1
- https://git.kernel.org/stable/c/cda0d6a198e2a7ec6f176c36173a57bdd8af7af2
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/36xxx/CVE-2024-36032.json
- https://nvd.nist.gov/vuln/detail/CVE-2024-36032
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedc0187b0bd3e94c48050687d87b2c3c9fbae98ae9Fixed62d5550ab62042dcceaf18844d0feadbb962cffeFixed57062aa13e87b1a78a4a8f6cb5fab6ba24f5f488Fixed6b63e0ef4d3ce0080395e5091fba2023f246c45aFixeda571044cc0a0c944e7c12237b6768aeedd7480e1Fixedcda0d6a198e2a7ec6f176c36173a57bdd8af7af2