CVE-2024-8805 Affecting kernel-syms package, versions <5.14.21-150400.24.150.1


Severity

Recommended: 0.0, high (scale 0 to 10)

Based on SUSE Linux Enterprise Server security rating.

Threat Intelligence

EPSS
0.46% (64th percentile)

  • Snyk ID: SNYK-SLES154-KERNELSYMS-8734180
  • published: 19 Feb 2025
  • disclosed: 18 Feb 2025

Introduced: 18 Feb 2025

CVE-2024-8805

How to fix?

Upgrade SLES:15.4 kernel-syms to version 5.14.21-150400.24.150.1 or higher.

NVD Description

Note: Versions mentioned in the description apply only to the upstream kernel-syms package and not to the kernel-syms package as distributed by SLES. See "How to fix?" for the fixed versions and status relevant to SLES:15.4.

BlueZ HID over GATT Profile Improper Access Control Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of BlueZ. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the implementation of the HID over GATT Profile. The issue results from the lack of authorization prior to allowing access to functionality. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-25177.

CVSS Base Scores

version 3.1