{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-26888", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-02-19T14:20:24.186Z", "datePublished": "2024-04-17T10:27:42.193Z", "dateUpdated": "2025-05-04T12:55:04.312Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T12:55:04.312Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: msft: Fix memory leak\n\nFix leaking buffer allocated to send MSFT_OP_LE_MONITOR_ADVERTISEMENT."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/bluetooth/msft.c"], "versions": [{"version": "9e14606d8f38ea52a38c27692a9c1513c987a5da", "lessThan": "98e9920c75e0790bff947a00d192d24bf1c724e0", "status": "affected", "versionType": "git"}, {"version": "9e14606d8f38ea52a38c27692a9c1513c987a5da", "lessThan": "5987b9f7d9314c7411136005b3a52f61a8cc0911", "status": "affected", "versionType": "git"}, {"version": "9e14606d8f38ea52a38c27692a9c1513c987a5da", "lessThan": "5cb93417c93716a5404f762f331f5de3653fd952", "status": "affected", "versionType": "git"}, {"version": "9e14606d8f38ea52a38c27692a9c1513c987a5da", "lessThan": "a6e06258f4c31eba0fcd503e19828b5f8fe7b08b", "status": "affected", "versionType": "git"}, {"version": "f9965f7f38c90449a5fb26edb8a7d22b1dcf0283", "status": "affected", "versionType": "git"}, {"version": "80fe27811c56ecd3896c3d511ab8298146071d98", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/bluetooth/msft.c"], "versions": [{"version": "6.6", "status": "affected"}, {"version": "0", "lessThan": "6.6", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.23", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.7.11", "lessThanOrEqual": "6.7.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.8.2", "lessThanOrEqual": "6.8.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.9", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.6", "versionEndExcluding": "6.6.23"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.6", "versionEndExcluding": "6.7.11"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.6", "versionEndExcluding": "6.8.2"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.6", "versionEndExcluding": "6.9"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.4.16"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.5.3"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/98e9920c75e0790bff947a00d192d24bf1c724e0"}, {"url": "https://git.kernel.org/stable/c/5987b9f7d9314c7411136005b3a52f61a8cc0911"}, {"url": "https://git.kernel.org/stable/c/5cb93417c93716a5404f762f331f5de3653fd952"}, {"url": "https://git.kernel.org/stable/c/a6e06258f4c31eba0fcd503e19828b5f8fe7b08b"}], "title": "Bluetooth: msft: Fix memory leak", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-17T19:10:11.387827Z", "id": "CVE-2024-26888", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-17T19:10:39.243Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:21:05.534Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/98e9920c75e0790bff947a00d192d24bf1c724e0", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/5987b9f7d9314c7411136005b3a52f61a8cc0911", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/5cb93417c93716a5404f762f331f5de3653fd952", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/a6e06258f4c31eba0fcd503e19828b5f8fe7b08b", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/98e9920c75e0790bff947a00d192d24bf1c724e0", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/5987b9f7d9314c7411136005b3a52f61a8cc0911", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/5cb93417c93716a5404f762f331f5de3653fd952", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/a6e06258f4c31eba0fcd503e19828b5f8fe7b08b", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:21:05.534Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-26888", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-17T19:10:11.387827Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-17T19:10:34.982Z"}}], "cna": {"title": "Bluetooth: msft: Fix memory leak", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "9e14606d8f38ea52a38c27692a9c1513c987a5da", "lessThan": "98e9920c75e0790bff947a00d192d24bf1c724e0", "versionType": "git"}, {"status": "affected", "version": "9e14606d8f38ea52a38c27692a9c1513c987a5da", "lessThan": "5987b9f7d9314c7411136005b3a52f61a8cc0911", "versionType": "git"}, {"status": "affected", "version": "9e14606d8f38ea52a38c27692a9c1513c987a5da", "lessThan": "5cb93417c93716a5404f762f331f5de3653fd952", "versionType": "git"}, {"status": "affected", "version": "9e14606d8f38ea52a38c27692a9c1513c987a5da", "lessThan": "a6e06258f4c31eba0fcd503e19828b5f8fe7b08b", "versionType": "git"}], "programFiles": ["net/bluetooth/msft.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "6.6"}, {"status": "unaffected", "version": "0", "lessThan": "6.6", "versionType": "semver"}, {"status": "unaffected", "version": "6.6.23", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.7.11", "versionType": "semver", "lessThanOrEqual": "6.7.*"}, {"status": "unaffected", "version": "6.8.2", "versionType": "semver", "lessThanOrEqual": "6.8.*"}, {"status": "unaffected", "version": "6.9", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["net/bluetooth/msft.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/98e9920c75e0790bff947a00d192d24bf1c724e0"}, {"url": "https://git.kernel.org/stable/c/5987b9f7d9314c7411136005b3a52f61a8cc0911"}, {"url": "https://git.kernel.org/stable/c/5cb93417c93716a5404f762f331f5de3653fd952"}, {"url": "https://git.kernel.org/stable/c/a6e06258f4c31eba0fcd503e19828b5f8fe7b08b"}], "x_generator": {"engine": "bippy-5f407fcff5a0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: msft: Fix memory leak\n\nFix leaking buffer allocated to send MSFT_OP_LE_MONITOR_ADVERTISEMENT."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-12-19T08:49:32.834Z"}}}, "cveMetadata": {"cveId": "CVE-2024-26888", "state": "PUBLISHED", "dateUpdated": "2024-12-19T08:49:32.834Z", "dateReserved": "2024-02-19T14:20:24.186Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-04-17T10:27:42.193Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "A5099559-2D15-42A5-A561-71B34FEFF36F", "versionEndExcluding": "6.5", "versionStartIncluding": "6.4.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "43EB4ECD-2161-4C19-8280-3544598B5CD9", "versionEndExcluding": "6.6.23", "versionStartIncluding": "6.5.3", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "9B95D3A6-E162-47D5-ABFC-F3FA74FA7CFD", "versionEndExcluding": "6.7.11", "versionStartIncluding": "6.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "543A75FF-25B8-4046-A514-1EA8EDD87AB1", "versionEndExcluding": "6.8.2", "versionStartIncluding": "6.8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: msft: Fix memory leak\n\nFix leaking buffer allocated to send MSFT_OP_LE_MONITOR_ADVERTISEMENT."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: Bluetooth: msft: Reparar p\u00e9rdida de memoria Reparar p\u00e9rdida de b\u00fafer asignado para enviar MSFT_OP_LE_MONITOR_ADVERTISEMENT."}], "id": "CVE-2024-26888", "lastModified": "2025-01-07T16:43:58.107", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-04-17T11:15:10.337", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/5987b9f7d9314c7411136005b3a52f61a8cc0911"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/5cb93417c93716a5404f762f331f5de3653fd952"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/98e9920c75e0790bff947a00d192d24bf1c724e0"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/a6e06258f4c31eba0fcd503e19828b5f8fe7b08b"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/5987b9f7d9314c7411136005b3a52f61a8cc0911"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/5cb93417c93716a5404f762f331f5de3653fd952"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/98e9920c75e0790bff947a00d192d24bf1c724e0"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/a6e06258f4c31eba0fcd503e19828b5f8fe7b08b"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-401"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: Bluetooth: msft: Fix memory leak", "id": "2275674", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2275674"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-401", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nBluetooth: msft: Fix memory leak\nFix leaking buffer allocated to send MSFT_OP_LE_MONITOR_ADVERTISEMENT.", "A memory leak vulnerability was found in the Bluetooth subsystem of the Linux kernel. This issue can cause gradual memory exhaustion, potentially leading to system instability or crashes."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-26888", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-04-17T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-26888\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-26888\nhttps://lore.kernel.org/linux-cve-announce/2024041742-CVE-2024-26888-48e6@gregkh/T"], "statement": "Red Hat Enterprise Linux is not impacted by this CVE, as the vulnerability in question does not affect the specific versions or configurations of the Linux kernel used in its distributions. This ensures that users of Red Hat Enterprise Linux are not exposed to the potential risks associated with this issue, and no further action or mitigation is necessary for systems running this operating system.", "threat_severity": "Moderate"}