CVE-2024-53144

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_event: Align BR/EDR JUST_WORKS paring with LE This aligned BR/EDR JUST_WORKS method with LE which since 92516cd97fd4 ("Bluetooth: Always request for user confirmation for Just Works") always request user confirmation with confirm_hint set since the likes of bluetoothd have dedicated policy around JUST_WORKS method (e.g. main.conf:JustWorksRepairing). CVE: CVE-2024-8805

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/22b49d6e4f399a390c70f3034f5fbacbb9413858	Patch
https://git.kernel.org/stable/c/5291ff856d2c5177b4fe9c18828312be30213193	Patch
https://git.kernel.org/stable/c/830c03e58beb70b99349760f822e505ecb4eeb7e	Patch
https://git.kernel.org/stable/c/ad7adfb95f64a761e4784381e47bee1a362eb30d	Patch
https://git.kernel.org/stable/c/b25e11f978b63cb7857890edb3a698599cddb10e	Patch
https://git.kernel.org/stable/c/baaa50c6f91ea5a9c7503af51f2bc50e6568b66b	Patch
https://git.kernel.org/stable/c/d17c631ba04e960eb6f8728b10d585de20ac4f71	Patch
https://www.zerodayinitiative.com/advisories/ZDI-24-1229/	Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:3.16:-::::::
	cpe:2.3:o:linux:linux_kernel:3.16:rc3::::::
	cpe:2.3:o:linux:linux_kernel:3.16:rc4::::::
	cpe:2.3:o:linux:linux_kernel:3.16:rc5::::::
	cpe:2.3:o:linux:linux_kernel:3.16:rc6::::::
	cpe:2.3:o:linux:linux_kernel:3.16:rc7::::::
	cpe:2.3:o:linux:linux_kernel:6.12:rc1::::::

History

08 Oct 2025, 14:59

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5
CPE		cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:3.16:rc3:::::: cpe:2.3:o:linux:linux_kernel:3.16:rc5:::::: cpe:2.3:o:linux:linux_kernel:3.16:-:::::: cpe:2.3:o:linux:linux_kernel:3.16:rc6:::::: cpe:2.3:o:linux:linux_kernel:6.12:rc1:::::: cpe:2.3:o:linux:linux_kernel:3.16:rc4:::::: cpe:2.3:o:linux:linux_kernel:3.16:rc7::::::
CWE		NVD-CWE-noinfo
References	~~() https://git.kernel.org/stable/c/22b49d6e4f399a390c70f3034f5fbacbb9413858 -~~	() https://git.kernel.org/stable/c/22b49d6e4f399a390c70f3034f5fbacbb9413858 - Patch
References	~~() https://git.kernel.org/stable/c/5291ff856d2c5177b4fe9c18828312be30213193 -~~	() https://git.kernel.org/stable/c/5291ff856d2c5177b4fe9c18828312be30213193 - Patch
References	~~() https://git.kernel.org/stable/c/830c03e58beb70b99349760f822e505ecb4eeb7e -~~	() https://git.kernel.org/stable/c/830c03e58beb70b99349760f822e505ecb4eeb7e - Patch
References	~~() https://git.kernel.org/stable/c/ad7adfb95f64a761e4784381e47bee1a362eb30d -~~	() https://git.kernel.org/stable/c/ad7adfb95f64a761e4784381e47bee1a362eb30d - Patch
References	~~() https://git.kernel.org/stable/c/b25e11f978b63cb7857890edb3a698599cddb10e -~~	() https://git.kernel.org/stable/c/b25e11f978b63cb7857890edb3a698599cddb10e - Patch
References	~~() https://git.kernel.org/stable/c/baaa50c6f91ea5a9c7503af51f2bc50e6568b66b -~~	() https://git.kernel.org/stable/c/baaa50c6f91ea5a9c7503af51f2bc50e6568b66b - Patch
References	~~() https://git.kernel.org/stable/c/d17c631ba04e960eb6f8728b10d585de20ac4f71 -~~	() https://git.kernel.org/stable/c/d17c631ba04e960eb6f8728b10d585de20ac4f71 - Patch
References	~~() https://www.zerodayinitiative.com/advisories/ZDI-24-1229/ -~~	() https://www.zerodayinitiative.com/advisories/ZDI-24-1229/ - Third Party Advisory
First Time		Linux Linux linux Kernel

10 Apr 2025, 13:15

Type	Values Removed	Values Added
References		() https://git.kernel.org/stable/c/22b49d6e4f399a390c70f3034f5fbacbb9413858 - () https://git.kernel.org/stable/c/baaa50c6f91ea5a9c7503af51f2bc50e6568b66b -
Summary		(es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: Bluetooth: hci_event: Alinear el emparejamiento de BR/EDR JUST_WORKS con LE Esto alineó el método BR/EDR JUST_WORKS con LE, que desde 92516cd97fd4 ("Bluetooth: Siempre solicitar confirmación del usuario para Just Works") siempre solicita confirmación del usuario con confirm_hint configurado, ya que bluetoothd tiene una política dedicada en torno al método JUST_WORKS (por ejemplo, main.conf:JustWorksRepairing). CVE: CVE-2024-8805

18 Dec 2024, 08:15

Type	Values Removed	Values Added
References		() https://www.zerodayinitiative.com/advisories/ZDI-24-1229/ -

17 Dec 2024, 16:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-12-17 16:15

Updated : 2025-10-08 14:59

NVD link : CVE-2024-53144

Mitre link : CVE-2024-53144

CVE.ORG link : CVE-2024-53144

JSON object : View

Products Affected

linux

linux_kernel

CWE

NVD-CWE-noinfo

5.5 /10