Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-c7ux-m2a3-euc6
Vulnerability ID VCID-c7ux-m2a3-euc6
Aliases CVE-2024-24860
Summary A race condition was found in the Linux kernel's bluetooth device driver in {min,max}_key_size_set() function. This can result in a null pointer dereference issue, possibly leading to a kernel panic or denial of service issue.
Status Published
Exploitability 0.5
Weighted Severity 4.1
Risk 2.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
System Score Found at
epss 0.00011 https://api.first.org/data/v1/epss?cve=CVE-2024-24860
epss 0.00011 https://api.first.org/data/v1/epss?cve=CVE-2024-24860
epss 0.00011 https://api.first.org/data/v1/epss?cve=CVE-2024-24860
epss 0.00011 https://api.first.org/data/v1/epss?cve=CVE-2024-24860
epss 0.00011 https://api.first.org/data/v1/epss?cve=CVE-2024-24860
epss 0.00011 https://api.first.org/data/v1/epss?cve=CVE-2024-24860
epss 7e-05 https://api.first.org/data/v1/epss?cve=CVE-2024-24860
epss 7e-05 https://api.first.org/data/v1/epss?cve=CVE-2024-24860
epss 7e-05 https://api.first.org/data/v1/epss?cve=CVE-2024-24860
epss 7e-05 https://api.first.org/data/v1/epss?cve=CVE-2024-24860
epss 7e-05 https://api.first.org/data/v1/epss?cve=CVE-2024-24860
epss 7e-05 https://api.first.org/data/v1/epss?cve=CVE-2024-24860
epss 7e-05 https://api.first.org/data/v1/epss?cve=CVE-2024-24860
epss 7e-05 https://api.first.org/data/v1/epss?cve=CVE-2024-24860
cvssv3.1 4.6 https://bugzilla.openanolis.cn/show_bug.cgi?id=8151
ssvc Track https://bugzilla.openanolis.cn/show_bug.cgi?id=8151
cvssv3.1 5.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 4.6 https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html
ssvc Track https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2024-24860
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24860
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
msg00016.html https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html
show_bug.cgi?id=8151 https://bugzilla.openanolis.cn/show_bug.cgi?id=8151
USN-6688-1 https://usn.ubuntu.com/6688-1/
USN-6725-1 https://usn.ubuntu.com/6725-1/
USN-6725-2 https://usn.ubuntu.com/6725-2/
USN-6818-1 https://usn.ubuntu.com/6818-1/
USN-6818-2 https://usn.ubuntu.com/6818-2/
USN-6818-3 https://usn.ubuntu.com/6818-3/
USN-6818-4 https://usn.ubuntu.com/6818-4/
USN-6819-1 https://usn.ubuntu.com/6819-1/
USN-6819-2 https://usn.ubuntu.com/6819-2/
USN-6819-3 https://usn.ubuntu.com/6819-3/
USN-6819-4 https://usn.ubuntu.com/6819-4/
USN-6972-1 https://usn.ubuntu.com/6972-1/
USN-6972-2 https://usn.ubuntu.com/6972-2/
USN-6972-3 https://usn.ubuntu.com/6972-3/
USN-6972-4 https://usn.ubuntu.com/6972-4/
USN-6973-1 https://usn.ubuntu.com/6973-1/
USN-6973-2 https://usn.ubuntu.com/6973-2/
USN-6973-3 https://usn.ubuntu.com/6973-3/
USN-6973-4 https://usn.ubuntu.com/6973-4/
USN-6976-1 https://usn.ubuntu.com/6976-1/
USN-7006-1 https://usn.ubuntu.com/7006-1/
No exploits are available.
Vector: CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:N Found at https://bugzilla.openanolis.cn/show_bug.cgi?id=8151
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-05T14:05:40Z/ Found at https://bugzilla.openanolis.cn/show_bug.cgi?id=8151
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:N Found at https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-05T14:05:40Z/ Found at https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html
Exploit Prediction Scoring System (EPSS)
Percentile 0.0131
EPSS Score 0.00011
Published At May 5, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T16:37:17.442738+00:00 Debian Oval Importer Import https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.0.0