5.5
MEDIUM
CVE-2024-56739
Linux Kernel Bluetooth: Uninitialized Date/Time Read
Description

In the Linux kernel, the following vulnerability has been resolved: rtc: check if __rtc_read_time was successful in rtc_timer_do_work() If the __rtc_read_time call fails,, the struct rtc_time tm; may contain uninitialized data, or an illegal date/time read from the RTC hardware. When calling rtc_tm_to_ktime later, the result may be a very large value (possibly KTIME_MAX). If there are periodic timers in rtc->timerqueue, they will continually expire, may causing kernel softlockup.

INFO

Published Date :

Dec. 29, 2024, 12:15 p.m.

Last Modified :

Jan. 7, 2025, 9:21 p.m.

Source :

416baaa9-dc9f-4396-8d5f-8c081fb06d67

Remotely Exploitable :

No

Impact Score :

3.6

Exploitability Score :

1.8
Public PoC/Exploit Available at Github

CVE-2024-56739 has a 1 public PoC/Exploit available at Github. Go to the Public Exploits tab to see the list.

Affected Products

The following products are affected by CVE-2024-56739 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Linux linux_kernel
: Total Affected Vendor : 1 | Products : 1
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2024-56739.

URL Resource
https://git.kernel.org/stable/c/0d68e8514d9040108ff7d1b37ca71096674b6efe Patch
https://git.kernel.org/stable/c/246f621d363988e7040f4546d20203dc713fa3e1 Patch
https://git.kernel.org/stable/c/39ad0a1ae17b54509cd9e93dcd8cec16e7c12d3f Patch
https://git.kernel.org/stable/c/44b3257ff705d63d5f00ef8ed314a0eeb7ec37f2 Patch
https://git.kernel.org/stable/c/a1f0b4af90cc18b10261ecde56c6a56b22c75bd1 Patch
https://git.kernel.org/stable/c/dd4b1cbcc916fad5d10c2662b62def9f05e453d4 Patch
https://git.kernel.org/stable/c/e77bce0a8c3989b4173c36f4195122bca8f4a3e1 Patch
https://git.kernel.org/stable/c/e8ba8a2bc4f60a1065f23d6a0e7cbea945a0f40d Patch
https://git.kernel.org/stable/c/fde56535505dde3336df438e949ef4742b6d6d6e Patch

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Profile Photo
cku-heise/euvd-api-doc

None

Updated: 2 days, 4 hours ago
4 stars 1 fork 1 watcher
Born at : April 16, 2025, 1:43 p.m. This repo has been linked 280 different CVEs too.

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2024-56739 vulnerability anywhere in the article.

The following table lists the changes that have been made to the CVE-2024-56739 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • Initial Analysis by [email protected]

    Jan. 07, 2025

    Action Type Old Value New Value
    Added CVSS V3.1 NIST AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
    Added CWE NIST CWE-908
    Added CPE Configuration OR *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 2.6.38 up to (excluding) 4.19.325 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.20 up to (excluding) 5.4.287 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.5 up to (excluding) 5.10.231 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.11 up to (excluding) 5.15.174 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.16 up to (excluding) 6.1.120 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.2 up to (excluding) 6.6.64 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.7 up to (excluding) 6.11.11 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.12 up to (excluding) 6.12.2
    Changed Reference Type https://git.kernel.org/stable/c/0d68e8514d9040108ff7d1b37ca71096674b6efe No Types Assigned https://git.kernel.org/stable/c/0d68e8514d9040108ff7d1b37ca71096674b6efe Patch
    Changed Reference Type https://git.kernel.org/stable/c/246f621d363988e7040f4546d20203dc713fa3e1 No Types Assigned https://git.kernel.org/stable/c/246f621d363988e7040f4546d20203dc713fa3e1 Patch
    Changed Reference Type https://git.kernel.org/stable/c/39ad0a1ae17b54509cd9e93dcd8cec16e7c12d3f No Types Assigned https://git.kernel.org/stable/c/39ad0a1ae17b54509cd9e93dcd8cec16e7c12d3f Patch
    Changed Reference Type https://git.kernel.org/stable/c/44b3257ff705d63d5f00ef8ed314a0eeb7ec37f2 No Types Assigned https://git.kernel.org/stable/c/44b3257ff705d63d5f00ef8ed314a0eeb7ec37f2 Patch
    Changed Reference Type https://git.kernel.org/stable/c/a1f0b4af90cc18b10261ecde56c6a56b22c75bd1 No Types Assigned https://git.kernel.org/stable/c/a1f0b4af90cc18b10261ecde56c6a56b22c75bd1 Patch
    Changed Reference Type https://git.kernel.org/stable/c/dd4b1cbcc916fad5d10c2662b62def9f05e453d4 No Types Assigned https://git.kernel.org/stable/c/dd4b1cbcc916fad5d10c2662b62def9f05e453d4 Patch
    Changed Reference Type https://git.kernel.org/stable/c/e77bce0a8c3989b4173c36f4195122bca8f4a3e1 No Types Assigned https://git.kernel.org/stable/c/e77bce0a8c3989b4173c36f4195122bca8f4a3e1 Patch
    Changed Reference Type https://git.kernel.org/stable/c/e8ba8a2bc4f60a1065f23d6a0e7cbea945a0f40d No Types Assigned https://git.kernel.org/stable/c/e8ba8a2bc4f60a1065f23d6a0e7cbea945a0f40d Patch
    Changed Reference Type https://git.kernel.org/stable/c/fde56535505dde3336df438e949ef4742b6d6d6e No Types Assigned https://git.kernel.org/stable/c/fde56535505dde3336df438e949ef4742b6d6d6e Patch
  • New CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    Dec. 29, 2024

    Action Type Old Value New Value
    Added Description In the Linux kernel, the following vulnerability has been resolved: rtc: check if __rtc_read_time was successful in rtc_timer_do_work() If the __rtc_read_time call fails,, the struct rtc_time tm; may contain uninitialized data, or an illegal date/time read from the RTC hardware. When calling rtc_tm_to_ktime later, the result may be a very large value (possibly KTIME_MAX). If there are periodic timers in rtc->timerqueue, they will continually expire, may causing kernel softlockup.
    Added Reference https://git.kernel.org/stable/c/0d68e8514d9040108ff7d1b37ca71096674b6efe
    Added Reference https://git.kernel.org/stable/c/246f621d363988e7040f4546d20203dc713fa3e1
    Added Reference https://git.kernel.org/stable/c/39ad0a1ae17b54509cd9e93dcd8cec16e7c12d3f
    Added Reference https://git.kernel.org/stable/c/44b3257ff705d63d5f00ef8ed314a0eeb7ec37f2
    Added Reference https://git.kernel.org/stable/c/a1f0b4af90cc18b10261ecde56c6a56b22c75bd1
    Added Reference https://git.kernel.org/stable/c/dd4b1cbcc916fad5d10c2662b62def9f05e453d4
    Added Reference https://git.kernel.org/stable/c/e77bce0a8c3989b4173c36f4195122bca8f4a3e1
    Added Reference https://git.kernel.org/stable/c/e8ba8a2bc4f60a1065f23d6a0e7cbea945a0f40d
    Added Reference https://git.kernel.org/stable/c/fde56535505dde3336df438e949ef4742b6d6d6e
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2024-56739 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2024-56739 weaknesses.

CVSS31 - Vulnerability Scoring System
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
:
© cvefeed.io
Latest DB Update: Apr. 26, 2025 9:47