CVE-2024-26889

Bluetooth: hci_core: Fix possible buffer overflow

Description

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_core: Fix possible buffer overflow struct hci_dev_info has a fixed size name[8] field so in the event that hdev->name is bigger than that strcpy would attempt to write past its size, so this fixes this problem by switching to use strscpy.

Category

5.5
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.03%
Third-Party Advisory debian.org Third-Party Advisory debian.org
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/6d5a9d4a7bcbb7534ce45a18a52e7bd23e69d8ac patch
https://git.kernel.org/stable/c/54a03e4ac1a41edf8a5087bd59f8241b0de96d3d patch
https://git.kernel.org/stable/c/d47e6c1932cee02954ea588c9f09fd5ecefeadfc patch
https://git.kernel.org/stable/c/2e845867b4e279eff0a19ade253390470e07e8a1 patch
https://git.kernel.org/stable/c/a41c8efe659caed0e21422876bbb6b73c15b5244 patch
https://git.kernel.org/stable/c/8c28598a2c29201d2ba7fc37539a7d41c264fb10 patch
https://git.kernel.org/stable/c/2edce8e9a99dd5e4404259d52e754fdc97fb42c2 patch
https://git.kernel.org/stable/c/81137162bfaa7278785b24c1fd2e9e74f082e8e4 patch
https://git.kernel.org/stable/c/68644bf5ec6baaff40fc39b3529c874bfda709bd patch
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html mailing list third party advisory
https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html mailing list third party advisory

Frequently Asked Questions

What is the severity of CVE-2024-26889?
CVE-2024-26889 has been scored as a medium severity vulnerability.
How to fix CVE-2024-26889?
To fix CVE-2024-26889, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-26889 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-26889 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-26889?
CVE-2024-26889 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.