CVE-2024-22099: NULL pointer dereference in rfcomm_check_security in Linux kernel

6.3 CVSS

Description

NULL pointer dereference vulnerability in the Linux kernel on Linux, x86, ARM (net, bluetooth modules) allows Overflow Buffers. This vulnerability is associated with the program file /net/bluetooth/rfcomm/core.c.

This issue affects Linux kernel: v2.6.12-rc2.

Classification

CVE ID: CVE-2024-22099

CVSS Base Severity: MEDIUM

CVSS Base Score: 6.3

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H

Affected Products

Vendor: Linux

Product: Linux kernel

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 5.08% (proportion of vulnerabilities scored less than or equal to this one)

EPSS Date: 2025-03-14 (when this score was calculated)

References

https://bugzilla.openanolis.cn/show_bug.cgi?id=7956
https://lists.fedoraproject.org/archives/list/[email protected]/message/IVVYSTEVMPYGF6GDSOD44MUXZXAZHOHB/
https://lists.fedoraproject.org/archives/list/[email protected]/message/KSXNF4RLEFLH35BFUQGYXRRVHHUIVBAE/
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html

Timeline