CVE-2024-36033

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: qca: fix info leak when fetching board id Add the missing sanity check when fetching the board id to avoid leaking slab data when later requesting the firmware.

CVSS v3 7.1 HIGH

7.1^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.2

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/0adcf6be1445ed50bfd4a451a7a782568f270197	Patch
https://git.kernel.org/stable/c/a3dff121a7f5104c4c2d47edaa2351837ef645dd	Patch
https://git.kernel.org/stable/c/ba307abed5e09759845c735ba036f8c12f55b209	Patch
https://git.kernel.org/stable/c/bcccdc947d2ca5972b1e92d0dea10803ddc08ceb	Patch
https://git.kernel.org/stable/c/f30c37cb4549baf8377434892d520fe7769bdba7	Patch
https://git.kernel.org/stable/c/0adcf6be1445ed50bfd4a451a7a782568f270197	Patch
https://git.kernel.org/stable/c/a3dff121a7f5104c4c2d47edaa2351837ef645dd	Patch
https://git.kernel.org/stable/c/ba307abed5e09759845c735ba036f8c12f55b209	Patch
https://git.kernel.org/stable/c/bcccdc947d2ca5972b1e92d0dea10803ddc08ceb	Patch
https://git.kernel.org/stable/c/f30c37cb4549baf8377434892d520fe7769bdba7	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.9:rc1::::::
	cpe:2.3:o:linux:linux_kernel:6.9:rc2::::::
	cpe:2.3:o:linux:linux_kernel:6.9:rc3::::::
	cpe:2.3:o:linux:linux_kernel:6.9:rc4::::::
	cpe:2.3:o:linux:linux_kernel:6.9:rc5::::::
	cpe:2.3:o:linux:linux_kernel:6.9:rc6::::::
	cpe:2.3:o:linux:linux_kernel:6.9:rc7::::::

History

18 Sep 2025, 14:36

Type	Values Removed	Values Added
CWE		CWE-668
References	~~() https://git.kernel.org/stable/c/0adcf6be1445ed50bfd4a451a7a782568f270197 -~~	() https://git.kernel.org/stable/c/0adcf6be1445ed50bfd4a451a7a782568f270197 - Patch
References	~~() https://git.kernel.org/stable/c/a3dff121a7f5104c4c2d47edaa2351837ef645dd -~~	() https://git.kernel.org/stable/c/a3dff121a7f5104c4c2d47edaa2351837ef645dd - Patch
References	~~() https://git.kernel.org/stable/c/ba307abed5e09759845c735ba036f8c12f55b209 -~~	() https://git.kernel.org/stable/c/ba307abed5e09759845c735ba036f8c12f55b209 - Patch
References	~~() https://git.kernel.org/stable/c/bcccdc947d2ca5972b1e92d0dea10803ddc08ceb -~~	() https://git.kernel.org/stable/c/bcccdc947d2ca5972b1e92d0dea10803ddc08ceb - Patch
References	~~() https://git.kernel.org/stable/c/f30c37cb4549baf8377434892d520fe7769bdba7 -~~	() https://git.kernel.org/stable/c/f30c37cb4549baf8377434892d520fe7769bdba7 - Patch
CPE		cpe:2.3:o:linux:linux_kernel:6.9:rc6:::::: cpe:2.3:o:linux:linux_kernel:6.9:rc3:::::: cpe:2.3:o:linux:linux_kernel:6.9:rc2:::::: cpe:2.3:o:linux:linux_kernel:6.9:rc5:::::: cpe:2.3:o:linux:linux_kernel:6.9:rc7:::::: cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:6.9:rc1:::::: cpe:2.3:o:linux:linux_kernel:6.9:rc4::::::
First Time		Linux Linux linux Kernel
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.1

21 Nov 2024, 09:21

Type	Values Removed	Values Added
References	~~() https://git.kernel.org/stable/c/0adcf6be1445ed50bfd4a451a7a782568f270197 -~~	() https://git.kernel.org/stable/c/0adcf6be1445ed50bfd4a451a7a782568f270197 -
References	~~() https://git.kernel.org/stable/c/a3dff121a7f5104c4c2d47edaa2351837ef645dd -~~	() https://git.kernel.org/stable/c/a3dff121a7f5104c4c2d47edaa2351837ef645dd -
References	~~() https://git.kernel.org/stable/c/ba307abed5e09759845c735ba036f8c12f55b209 -~~	() https://git.kernel.org/stable/c/ba307abed5e09759845c735ba036f8c12f55b209 -
References	~~() https://git.kernel.org/stable/c/bcccdc947d2ca5972b1e92d0dea10803ddc08ceb -~~	() https://git.kernel.org/stable/c/bcccdc947d2ca5972b1e92d0dea10803ddc08ceb -
References	~~() https://git.kernel.org/stable/c/f30c37cb4549baf8377434892d520fe7769bdba7 -~~	() https://git.kernel.org/stable/c/f30c37cb4549baf8377434892d520fe7769bdba7 -

05 Jul 2024, 08:15

Type	Values Removed	Values Added
Summary		(es) En el kernel de Linux, se resolvió la siguiente vulnerabilidad: Bluetooth: qca: corrige la fuga de información al obtener la identificación de la placa. Agregue la verificación de cordura que falta al recuperar la identificación de la placa para evitar fugas de datos de losa cuando luego solicite el firmware.
References		() https://git.kernel.org/stable/c/a3dff121a7f5104c4c2d47edaa2351837ef645dd -

30 May 2024, 16:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-05-30 16:15

Updated : 2025-09-18 14:36

NVD link : CVE-2024-36033

Mitre link : CVE-2024-36033

CVE.ORG link : CVE-2024-36033

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-668

Exposure of Resource to Wrong Sphere

7.1 /10