CVE-2024-36880

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-36880

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-36880.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-36880

Downstream

BELL-CVE-2024-36880

DEBIAN-CVE-2024-36880

OESA-2024-2029

OESA-2024-2031

OESA-2024-2258

OESA-2024-2296

RHSA-2025:6966

SUSE-SU-2024:2008-1

SUSE-SU-2024:2019-1

SUSE-SU-2024:2135-1

SUSE-SU-2024:2190-1

SUSE-SU-2024:2203-1

SUSE-SU-2024:2360-1

SUSE-SU-2024:2381-1

SUSE-SU-2024:2561-1

SUSE-SU-2024:2973-1

UBUNTU-CVE-2024-36880

USN-6949-1

USN-6949-2

USN-6950-1

USN-6950-2

USN-6950-3

USN-6950-4

USN-6952-1

USN-6952-2

USN-6955-1

USN-6956-1

USN-6957-1

USN-7019-1

Related

Published

2024-05-30T16:15:11Z

Modified

2025-09-30T17:46:25Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: qca: add missing firmware sanity checks

Add the missing sanity checks when parsing the firmware files before downloading them to avoid accessing and corrupting memory beyond the vmalloced buffer.

References

Affected packages