CVE-2024-53144 : LINUX KERNEL UP TO 6.1.112/6.6.54/6.10.13/6.11.2 HCI_EVENT PRIVILEGE ESCALATION

Description

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_event: Align BR/EDR JUST_WORKS paring with LE This aligned BR/EDR JUST_WORKS method with LE which since 92516cd97fd4 (“Bluetooth: Always request for user confirmation for Just Works”) always request user confirmation with confirm_hint set since the likes of bluetoothd have dedicated policy around JUST_WORKS method (e.g. main.conf:JustWorksRepairing). CVE: CVE-2024-8805.

References

https://git.kernel.org/stable/c/d17c631ba04e960eb6f8728b10d585de20ac4f71

https://git.kernel.org/stable/c/830c03e58beb70b99349760f822e505ecb4eeb7e

https://git.kernel.org/stable/c/ad7adfb95f64a761e4784381e47bee1a362eb30d

https://git.kernel.org/stable/c/5291ff856d2c5177b4fe9c18828312be30213193

https://git.kernel.org/stable/c/b25e11f978b63cb7857890edb3a698599cddb10e

https://www.zerodayinitiative.com/advisories/ZDI-24-1229/

For More Information

CVERecord

Contact us to get started

CVE-2025-23208 : ZOT UP TO 2.1.1 API SETUSERGROUPS PRIVILEGES MANAGEMENT

Description zot is a production-ready vendor-neutral OCI image registry. The group data stored for users in the boltdb database (meta.db)

Learn more

CVE-2024-12867 : ARCTIC SECURITY ARCTIC HUB UP TO 5.5.1872 CONFIGURATION SERVER-SIDE REQUEST FORGERY

Description Server-Side Request Forgery in URL Mapper in Arctic Security’s Arctic Hub versions 3.0.1764-5.6.1877 allows an unauthenticated remote attacker to

Learn more

CVE-2024-12840 : RED HAT SATELLITE HTTP PROXY SERVER-SIDE REQUEST FORGERY

Description A server-side request forgery exists in Satellite. When a PUT HTTP request is made to /http_proxies/test_connection, when supplied with

Learn more