PatchSiren

PatchSiren cyber security CVE debrief

CVE-2024-24857 Linux CVE debrief

CVE-2024-24857 is a Linux kernel Bluetooth issue: a race condition in conn_info_{min,max}_age_set(). According to the CVE record, the flaw can lead to an integer overflow and may cause Bluetooth connection abnormality or denial of service. The issue is rated medium severity, but it still matters for systems that rely on Bluetooth connectivity or run affected kernel builds.

Vendor: Linux
Product: CVE-2024-24857
CVSS: MEDIUM 4.6
CISA KEV: Not listed in stored evidence
Original CVE published: 2024-02-05
Original CVE updated: 2026-05-12
Advisory published: 2024-02-05
Advisory updated: 2026-05-12

Who should care

Linux administrators, distro maintainers, and operators of systems that use Bluetooth on affected kernel versions should pay attention. That includes desktop, embedded, and server environments where Bluetooth is enabled or used for pairing, peripherals, or management workflows.

Technical summary

NVD lists the weakness under CWE-362 (race condition) and also associates CWE-190 (integer overflow). The vulnerable area is the Linux kernel net/bluetooth driver path in conn_info_{min,max}_age_set(). NVD’s affected CPE criteria include Linux kernel versions up to 3.19.8, 6.0 through 6.6.25, 6.7 up to but not including 6.7.12, and 6.8-rc1. The CVSS vector is AV:A/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:L, which indicates adjacent network access, high attack complexity, high privileges and user interaction required, with no confidentiality impact, high integrity impact and low availability impact.

Defensive priority

Medium. The vector does not describe a trivially exploitable remote issue, but the flaw can still disrupt Bluetooth operation and affect integrity on affected systems. Prioritize it for hosts that use Bluetooth or run kernels in the affected ranges.

Recommended defensive actions

  • Identify whether your systems run an affected Linux kernel version listed in the NVD criteria.
  • Apply the relevant vendor or distribution kernel updates that address this issue.
  • Follow distro security advisories and backport guidance for Debian or other supported releases.
  • Monitor for Bluetooth instability, pairing failures, or unexpected connection abnormality on impacted hosts.
  • Reduce unnecessary Bluetooth exposure on systems where the feature is not required until patched.
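A defender-side version check for the first action above, added here as an example that is not part of the PatchSiren debrief or any kernel project tooling: it encodes the NVD ranges quoted in the technical summary and tests a kernel release string against them. The sample release strings are constructed; the script also reports on the running kernel via `uname -r`.

```shell
#!/bin/sh
# Added example: checks a kernel release string against the affected ranges the
# debrief quotes from NVD (<= 3.19.8, 6.0..6.6.25, 6.7 up to but not including
# 6.7.12, and 6.8-rc1). Distro kernels often carry backported fixes without a
# version bump, so treat "possibly affected" as a prompt to check the advisory.

# Reduce "6.6.25-1-generic" to three numeric fields: "6 6 25".
kver_fields() {
    base=$(printf '%s' "$1" | sed -e 's/[-+].*$//')   # drop local suffix
    base="$base.0.0"                                  # pad short versions
    printf '%s %s %s' "$(printf '%s' "$base" | cut -d. -f1)" \
                      "$(printf '%s' "$base" | cut -d. -f2)" \
                      "$(printf '%s' "$base" | cut -d. -f3)"
}

# Encode a version as one integer so ranges compare with plain -le / -lt.
kver_num() {
    set -- $(kver_fields "$1")
    echo $(( $1 * 100000000 + $2 * 10000 + $3 ))
}

# Exit status 0 when the release falls inside a range listed in the debrief.
cve_2024_24857_affected() {
    case "$1" in
        6.8-rc1|6.8-rc1-*|6.8.0-rc1|6.8.0-rc1-*) return 0 ;;  # rc build NVD lists
    esac
    n=$(kver_num "$1")
    [ "$n" -le "$(kver_num 3.19.8)" ] && return 0
    [ "$n" -ge "$(kver_num 6.0)" ] && [ "$n" -le "$(kver_num 6.6.25)" ] && return 0
    [ "$n" -ge "$(kver_num 6.7)" ] && [ "$n" -lt "$(kver_num 6.7.12)" ] && return 0
    return 1
}

# Print a verdict line for one release string.
verdict() {
    if cve_2024_24857_affected "$1"; then
        echo "$1: possibly affected by CVE-2024-24857, confirm against the distro advisory"
    else
        echo "$1: outside the listed NVD ranges"
    fi
}

# Constructed sample releases (not from the debrief) plus the running kernel.
for rel in 6.6.25-1-generic 6.7.11-arch1 6.7.12 6.8-rc1 6.8.0-rc1 5.15.150 3.19.8; do
    verdict "$rel"
done
verdict "$(uname -r)"
```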

Evidence notes

This debrief is based on the official CVE/NVD record published on 2024-02-05 and last modified on 2026-05-12. The NVD entry describes a race condition in the Linux kernel Bluetooth driver, maps it to CWE-362 and CWE-190, and provides affected version ranges via CPE criteria. Supporting references in the source corpus include an OpenAnolis Bugzilla entry, Debian LTS announcements, and a Siemens ProductCERT notice.

Official resources

Public CVE record published on 2024-02-05 and modified on 2026-05-12. This debrief uses only the supplied official CVE/NVD data and linked advisory references; no exploit instructions are included.