CVE-2024-21803: Possible UAF in bt_accept_poll in Linux kernel

3.5 CVSS

Description

Use After Free vulnerability in Linux Linux kernel kernel on Linux, x86, ARM (bluetooth modules) allows Local Execution of Code. This vulnerability is associated with program files https://gitee.Com/anolis/cloud-kernel/blob/devel-5.10/net/bluetooth/af_bluetooth.C.

This issue affects Linux kernel: from v2.6.12-rc2 before v6.8-rc1.

Classification

CVE ID: CVE-2024-21803

CVSS Base Severity: LOW

CVSS Base Score: 3.5

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L

Problem Types

CWE-416 Use After Free

Affected Products

Vendor: Linux

Product: Linux kernel

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 10.55% (scored less or equal to compared to others)

EPSS Date: 2025-06-05 (when was this score calculated)

Stakeholder-Specific Vulnerability Categorization (SSVC)

SSVC Exploitation: none

SSVC Technical Impact: partial

SSVC Automatable: false

References

https://nvd.nist.gov/vuln/detail/CVE-2024-21803
https://bugzilla.openanolis.cn/show_bug.cgi?id=8081

Timeline

2025-05-29 16:40:15 UTC
CVE

Possible UAF in bt_accept_poll in Linux kernel