5.5
MEDIUM
CVE-2024-36942
BlueZ QCA Firmware Memory Leak
Description
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
INFO
Published Date :
May 30, 2024, 4:15 p.m.
Last Modified :
Feb. 27, 2025, 8:15 p.m.
Source :
416baaa9-dc9f-4396-8d5f-8c081fb06d67
Remotely Exploitable :
No
Impact Score :
3.6
Exploitability Score :
1.8
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2024-36942 vulnerability anywhere in the article.
The following table lists the changes that have been made to the
CVE-2024-36942 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
-
CVE Rejected by 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Feb. 27, 2025
Action Type Old Value New Value -
CVE Modified by 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Feb. 27, 2025
Action Type Old Value New Value Changed Description In the Linux kernel, the following vulnerability has been resolved: Bluetooth: qca: fix firmware check error path A recent commit fixed the code that parses the firmware files before downloading them to the controller but introduced a memory leak in case the sanity checks ever fail. Make sure to free the firmware buffer before returning on errors. Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. Removed CVSS V3.1 NIST: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Removed CWE NIST: CWE-401 Removed CPE Configuration OR *cpe:2.3:o:linux:linux_kernel:6.9:rc3:*:*:*:*:*:* *cpe:2.3:o:linux:linux_kernel:6.9:rc4:*:*:*:*:*:* *cpe:2.3:o:linux:linux_kernel:6.9:rc1:*:*:*:*:*:* *cpe:2.3:o:linux:linux_kernel:6.9:rc2:*:*:*:*:*:* *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.7 from (excluding) 6.8.10 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.2 from (excluding) 6.6.31 *cpe:2.3:o:linux:linux_kernel:6.9:rc5:*:*:*:*:*:* *cpe:2.3:o:linux:linux_kernel:6.9:rc6:*:*:*:*:*:* *cpe:2.3:o:linux:linux_kernel:6.9:rc7:*:*:*:*:*:* *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (excluding) 5.15.159 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.16 from (excluding) 6.1.91 Removed Reference kernel.org: https://git.kernel.org/stable/c/064688d70c33bb5b49dde6e972b9379a8b045d8a Removed Reference kernel.org: https://git.kernel.org/stable/c/40d442f969fb1e871da6fca73d3f8aef1f888558 Removed Reference kernel.org: https://git.kernel.org/stable/c/580bcd6bf24f9975f97d81d5ef1b64cca9240df9 Removed Reference kernel.org: https://git.kernel.org/stable/c/7bcba557d5c37cd09ecd5abbe7d50deb86c36d3f Removed Reference kernel.org: https://git.kernel.org/stable/c/d1f768214320852766a60a815a0be8f14fba0cc3 Removed Reference CVE: https://git.kernel.org/stable/c/064688d70c33bb5b49dde6e972b9379a8b045d8a Removed Reference CVE: https://git.kernel.org/stable/c/40d442f969fb1e871da6fca73d3f8aef1f888558 Removed Reference CVE: https://git.kernel.org/stable/c/580bcd6bf24f9975f97d81d5ef1b64cca9240df9 Removed Reference CVE: https://git.kernel.org/stable/c/7bcba557d5c37cd09ecd5abbe7d50deb86c36d3f Removed Reference CVE: https://git.kernel.org/stable/c/d1f768214320852766a60a815a0be8f14fba0cc3 Removed Reference Type kernel.org: https://git.kernel.org/stable/c/064688d70c33bb5b49dde6e972b9379a8b045d8a Types: Patch Removed Reference Type kernel.org: https://git.kernel.org/stable/c/40d442f969fb1e871da6fca73d3f8aef1f888558 Types: Patch Removed Reference Type kernel.org: https://git.kernel.org/stable/c/580bcd6bf24f9975f97d81d5ef1b64cca9240df9 Types: Patch Removed Reference Type kernel.org: https://git.kernel.org/stable/c/7bcba557d5c37cd09ecd5abbe7d50deb86c36d3f Types: Patch Removed Reference Type kernel.org: https://git.kernel.org/stable/c/d1f768214320852766a60a815a0be8f14fba0cc3 Types: Patch Removed Reference Type CVE: https://git.kernel.org/stable/c/064688d70c33bb5b49dde6e972b9379a8b045d8a Types: Patch Removed Reference Type CVE: https://git.kernel.org/stable/c/40d442f969fb1e871da6fca73d3f8aef1f888558 Types: Patch Removed Reference Type CVE: https://git.kernel.org/stable/c/580bcd6bf24f9975f97d81d5ef1b64cca9240df9 Types: Patch Removed Reference Type CVE: https://git.kernel.org/stable/c/7bcba557d5c37cd09ecd5abbe7d50deb86c36d3f Types: Patch Removed Reference Type CVE: https://git.kernel.org/stable/c/d1f768214320852766a60a815a0be8f14fba0cc3 Types: Patch -
Initial Analysis by [email protected]
Feb. 03, 2025
Action Type Old Value New Value Added CVSS V3.1 NIST AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Added CWE NIST CWE-401 Added CPE Configuration OR *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions up to (excluding) 5.15.159 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.16 up to (excluding) 6.1.91 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.2 up to (excluding) 6.6.31 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.7 up to (excluding) 6.8.10 *cpe:2.3:o:linux:linux_kernel:6.9:rc1:*:*:*:*:*:* *cpe:2.3:o:linux:linux_kernel:6.9:rc2:*:*:*:*:*:* *cpe:2.3:o:linux:linux_kernel:6.9:rc3:*:*:*:*:*:* *cpe:2.3:o:linux:linux_kernel:6.9:rc4:*:*:*:*:*:* *cpe:2.3:o:linux:linux_kernel:6.9:rc5:*:*:*:*:*:* *cpe:2.3:o:linux:linux_kernel:6.9:rc6:*:*:*:*:*:* *cpe:2.3:o:linux:linux_kernel:6.9:rc7:*:*:*:*:*:* Changed Reference Type https://git.kernel.org/stable/c/064688d70c33bb5b49dde6e972b9379a8b045d8a No Types Assigned https://git.kernel.org/stable/c/064688d70c33bb5b49dde6e972b9379a8b045d8a Patch Changed Reference Type https://git.kernel.org/stable/c/064688d70c33bb5b49dde6e972b9379a8b045d8a No Types Assigned https://git.kernel.org/stable/c/064688d70c33bb5b49dde6e972b9379a8b045d8a Patch Changed Reference Type https://git.kernel.org/stable/c/40d442f969fb1e871da6fca73d3f8aef1f888558 No Types Assigned https://git.kernel.org/stable/c/40d442f969fb1e871da6fca73d3f8aef1f888558 Patch Changed Reference Type https://git.kernel.org/stable/c/40d442f969fb1e871da6fca73d3f8aef1f888558 No Types Assigned https://git.kernel.org/stable/c/40d442f969fb1e871da6fca73d3f8aef1f888558 Patch Changed Reference Type https://git.kernel.org/stable/c/580bcd6bf24f9975f97d81d5ef1b64cca9240df9 No Types Assigned https://git.kernel.org/stable/c/580bcd6bf24f9975f97d81d5ef1b64cca9240df9 Patch Changed Reference Type https://git.kernel.org/stable/c/580bcd6bf24f9975f97d81d5ef1b64cca9240df9 No Types Assigned https://git.kernel.org/stable/c/580bcd6bf24f9975f97d81d5ef1b64cca9240df9 Patch Changed Reference Type https://git.kernel.org/stable/c/7bcba557d5c37cd09ecd5abbe7d50deb86c36d3f No Types Assigned https://git.kernel.org/stable/c/7bcba557d5c37cd09ecd5abbe7d50deb86c36d3f Patch Changed Reference Type https://git.kernel.org/stable/c/7bcba557d5c37cd09ecd5abbe7d50deb86c36d3f No Types Assigned https://git.kernel.org/stable/c/7bcba557d5c37cd09ecd5abbe7d50deb86c36d3f Patch Changed Reference Type https://git.kernel.org/stable/c/d1f768214320852766a60a815a0be8f14fba0cc3 No Types Assigned https://git.kernel.org/stable/c/d1f768214320852766a60a815a0be8f14fba0cc3 Patch Changed Reference Type https://git.kernel.org/stable/c/d1f768214320852766a60a815a0be8f14fba0cc3 No Types Assigned https://git.kernel.org/stable/c/d1f768214320852766a60a815a0be8f14fba0cc3 Patch -
CVE Modified by af854a3a-2127-422b-91ae-364da2661108
Nov. 21, 2024
Action Type Old Value New Value Added Reference https://git.kernel.org/stable/c/064688d70c33bb5b49dde6e972b9379a8b045d8a Added Reference https://git.kernel.org/stable/c/40d442f969fb1e871da6fca73d3f8aef1f888558 Added Reference https://git.kernel.org/stable/c/580bcd6bf24f9975f97d81d5ef1b64cca9240df9 Added Reference https://git.kernel.org/stable/c/7bcba557d5c37cd09ecd5abbe7d50deb86c36d3f Added Reference https://git.kernel.org/stable/c/d1f768214320852766a60a815a0be8f14fba0cc3 -
CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67
May. 30, 2024
Action Type Old Value New Value Added Description In the Linux kernel, the following vulnerability has been resolved: Bluetooth: qca: fix firmware check error path A recent commit fixed the code that parses the firmware files before downloading them to the controller but introduced a memory leak in case the sanity checks ever fail. Make sure to free the firmware buffer before returning on errors. Added Reference kernel.org https://git.kernel.org/stable/c/580bcd6bf24f9975f97d81d5ef1b64cca9240df9 [No types assigned] Added Reference kernel.org https://git.kernel.org/stable/c/064688d70c33bb5b49dde6e972b9379a8b045d8a [No types assigned] Added Reference kernel.org https://git.kernel.org/stable/c/7bcba557d5c37cd09ecd5abbe7d50deb86c36d3f [No types assigned] Added Reference kernel.org https://git.kernel.org/stable/c/d1f768214320852766a60a815a0be8f14fba0cc3 [No types assigned] Added Reference kernel.org https://git.kernel.org/stable/c/40d442f969fb1e871da6fca73d3f8aef1f888558 [No types assigned]
EPSS is a daily estimate of the probability of exploitation activity
being observed over the next 30 days. Following chart shows the EPSS
score history of the vulnerability.
CWE - Common Weakness Enumeration
While CVE identifies
specific instances of vulnerabilities, CWE categorizes the common flaws or
weaknesses that can lead to vulnerabilities. CVE-2024-36942 is
associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification
(CAPEC)
stores attack patterns, which are descriptions of the common attributes and
approaches employed by adversaries to exploit the CVE-2024-36942
weaknesses.
CVSS31 - Vulnerability Scoring System
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability