PatchSiren

PatchSiren cyber security CVE debrief

CVE-2024-24858 Linux CVE debrief

CVE-2024-24858 is a race condition (CWE-362) in the Linux kernel Bluetooth stack that can leave an L2CAP connection or broadcast in an abnormal state and may lead to denial of service. NVD rates it Medium severity (CVSS v3.1 base score 4.6) and lists affected Linux kernel version ranges across multiple release lines.

Vendor
Linux
Product
Linux kernel
CVSS
MEDIUM 4.6
CISA KEV
Not listed in stored evidence
Original CVE published
2024-02-05
Original CVE updated
2026-05-12
Advisory published
2024-02-05
Advisory updated
2026-05-12

Who should care

Linux distribution maintainers, embedded and OEM teams, and administrators running Bluetooth-enabled Linux systems should review this issue, especially where deployed kernels fall within the affected NVD version ranges.

Technical summary

NVD describes the issue as a race condition (CWE-362) in net/bluetooth {conn,adv}_{min,max}_interval_set(). The brace notation expands to four functions, conn_min_interval_set(), conn_max_interval_set(), adv_min_interval_set() and adv_max_interval_set(): the debugfs write handlers that set the LE connection and advertising interval bounds on an HCI device. According to NVD, the vulnerable Linux kernel criteria cover versions up to 3.19.8, 6.0 through 6.6.25, 6.7 through 6.7.12, and 6.8-rc1. The published CVSS v3.1 vector is AV:A/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:H: adjacent attack vector, high attack complexity (the race window has to be won), high privileges required (consistent with the handlers being root-writable debugfs attributes), user interaction required, unchanged scope, no confidentiality impact, low integrity impact and high availability impact. Those metrics produce the 4.6 base score; the practical effect is an availability-focused bug that is hard to trigger and needs elevated privileges.

Defensive priority

Medium

Recommended defensive actions

  • Check deployed kernel versions against the NVD affected ranges before scheduling remediation. Compare the upstream part of the version string only (the portion before any distribution suffix), and remember that distributions backport kernel fixes without changing that string, so a version match means "check the distribution advisory or changelog", not "confirmed vulnerable".
  • Apply vendor or distribution kernel updates that address the Bluetooth race condition when available.
  • Review Bluetooth exposure on systems that do not require it: where no controller is present or the bluetooth module is not loaded the affected handlers are not reachable, and unused Bluetooth services or interfaces can be disabled where operationally appropriate.
  • After updating, reboot into the fixed kernel and validate Bluetooth and L2CAP functionality in normal workflows.
  • Track downstream advisories for your platform, including the Debian LTS and Siemens references listed in NVD, for deployment-specific guidance.
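The version check and exposure review described in the actions above, as an added example (not code from the PatchSiren page or from the Linux project). It encodes exactly the NVD ranges quoted in this debrief, treats each quoted endpoint as inclusive (the conservative reading of "up to" and "through"), strips distribution suffixes such as -1-amd64 before comparing, and reports whether the bluetooth module and any hci controllers are present. A match means "consult the distribution advisory", not "vulnerable": distributions backport fixes without changing the upstream version string, and the bounds should be re-read from the live NVD record before use.

```sh
#!/bin/sh
# Added example, not from the PatchSiren page or the Linux project: first-pass
# triage for CVE-2024-24858. Assumptions: the NVD ranges quoted in the debrief
# are inclusive at both ends; "-rcN" marks a prerelease; anything after the
# first "-" or "+" in `uname -r` is a distribution/local suffix.

# Compare two dotted numeric versions on their first three components and
# print -1, 0 or 1. Missing components count as 0, so "6.8" equals "6.8.0".
vercmp() {
    a=$1; b=$2; i=0
    while [ "$i" -lt 3 ]; do
        x=${a%%.*}; y=${b%%.*}
        case $a in *.*) a=${a#*.} ;; *) a=0 ;; esac
        case $b in *.*) b=${b#*.} ;; *) b=0 ;; esac
        if [ "${x:-0}" -lt "${y:-0}" ]; then echo -1; return 0; fi
        if [ "${x:-0}" -gt "${y:-0}" ]; then echo 1; return 0; fi
        i=$((i + 1))
    done
    echo 0
}

# Reduce a `uname -r` string to "major.minor.patch" plus an rc tag:
# "6.6.25-1-amd64" -> "6.6.25 ", "6.8.0-rc1+" -> "6.8.0 rc1".
normalize() {
    v=$1; rc=
    case $v in
        *-rc[0-9]*) rc=${v#*-rc}; rc="rc${rc%%[!0-9]*}" ;;
    esac
    v=${v%%[-+]*}
    printf '%s %s\n' "$v" "$rc"
}

# Exit 0 when the version lies in a range quoted from NVD on this page,
# 1 otherwise. Quoted ranges: <= 3.19.8, 6.0..6.6.25, 6.7..6.7.12, 6.8-rc1.
# Re-read the live NVD record before relying on these bounds.
is_affected() {
    norm=$(normalize "$1")
    ver=${norm%% *}; rc=${norm#* }
    # 6.8-rc1 is listed as a single affected prerelease; later rcs are not.
    if [ "$rc" = rc1 ] && [ "$(vercmp "$ver" 6.8)" -eq 0 ]; then return 0; fi
    for range in "0:3.19.8" "6.0:6.6.25" "6.7:6.7.12"; do
        lo=${range%%:*}; hi=${range##*:}
        if [ "$(vercmp "$ver" "$lo")" -ge 0 ] && [ "$(vercmp "$ver" "$hi")" -le 0 ]; then
            return 0
        fi
    done
    return 1
}

# Informational: is the Bluetooth stack loaded and is any controller present?
# No module and no controller means the affected handlers are not reachable.
bluetooth_exposure() {
    if [ -d /sys/module/bluetooth ]; then
        echo "bluetooth kernel module: loaded"
    else
        echo "bluetooth kernel module: not loaded"
    fi
    for hci in /sys/class/bluetooth/hci*; do
        [ -e "$hci" ] && echo "controller present: ${hci##*/}"
    done
    if command -v systemctl >/dev/null 2>&1 && systemctl is-active --quiet bluetooth 2>/dev/null; then
        echo "bluetooth.service: active"
    fi
}

main() {
    kv=$(uname -r)
    if is_affected "$kv"; then
        echo "$kv: inside a quoted NVD range for CVE-2024-24858; check the distribution advisory for a backported fix"
    else
        echo "$kv: outside the quoted NVD ranges; a distribution kernel may still carry or need the backport"
    fi
    bluetooth_exposure
}

main
```

Run it as root or unprivileged on each host; only the systemctl query and the /sys reads touch the system, and the version logic can be exercised on its own by calling is_affected with a string such as 6.6.25-1-amd64.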

Evidence notes

This debrief is based on the supplied NVD record published on 2024-02-05 and modified on 2026-05-12. The NVD metadata provides the CVSS vector, CWE-362 classification, affected CPE criteria, and references to downstream advisories and a permissions-required bug tracker entry. No exploit details are included.

Official resources

The public CVE publication date used in this debrief is 2024-02-05. NVD last modified the record on 2026-05-12; that modification date is not treated as the original disclosure date.