CVE-2024-27416

Bluetooth: hci_event: Fix handling of HCI_EV_IO_CAPA_REQUEST

Description

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_event: Fix handling of HCI_EV_IO_CAPA_REQUEST If we received HCI_EV_IO_CAPA_REQUEST while HCI_OP_READ_REMOTE_EXT_FEATURES is yet to be responded assume the remote does support SSP since otherwise this event shouldn't be generated.

N/A
CVSS
Severity:
EPSS 0.27%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/afec8f772296dd8e5a2a6f83bbf99db1b9ca877f
https://git.kernel.org/stable/c/79820a7e1e057120c49be07cbe10643d0706b259
https://git.kernel.org/stable/c/df193568d61234c81de7ed4d540c01975de60277
https://git.kernel.org/stable/c/c3df637266df29edee85e94cab5fd7041e5753ba
https://git.kernel.org/stable/c/30a5e812f78e3d1cced90e1ed750bf027599205f
https://git.kernel.org/stable/c/fba268ac36ab19f9763ff90d276cde0ce6cd5f31
https://git.kernel.org/stable/c/8e2758cc25891d2b76717aaf89b40ed215de188c
https://git.kernel.org/stable/c/7e74aa53a68bf60f6019bd5d9a9a1406ec4d4865
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html

Frequently Asked Questions

What is the severity of CVE-2024-27416?
CVE-2024-27416 has not yet been assigned a CVSS score.
How to fix CVE-2024-27416?
To fix CVE-2024-27416, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-27416 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-27416 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-27416?
CVE-2024-27416 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.