CVE-2024-27416

In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: hci_event: Fix handling of HCI_EV_IO_CAPA_REQUEST

If we received HCI_EV_IO_CAPA_REQUEST while HCI_OP_READ_REMOTE_EXT_FEATURES is yet to be responded assume the remote does support SSP since otherwise this event shouldn't be generated.

Published: May 17, 2024
Updated: Dec 18, 2025
CVE: CVE-2024-27416
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.5
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
linux / linux_kernel	4.14.328	4.15
linux / linux_kernel	4.19.297	4.19.309
linux / linux_kernel	5.4.259	5.4.271
linux / linux_kernel	5.10.199	5.10.212
linux / linux_kernel	5.15.137	5.15.151
linux / linux_kernel	6.1.60	6.1.81
linux / linux_kernel	6.5.9	6.6
linux / linux_kernel	6.6.1	6.6.21
linux / linux_kernel	6.7	6.7.9
linux / linux_kernel	6.6	6.6.x
linux / linux_kernel	6.6-rc7	6.6-rc7.x
linux / linux_kernel	6.8-rc1	6.8-rc1.x
linux / linux_kernel	6.8-rc2	6.8-rc2.x
linux / linux_kernel	6.8-rc3	6.8-rc3.x
linux / linux_kernel	6.8-rc4	6.8-rc4.x
linux / linux_kernel	6.8-rc5	6.8-rc5.x
linux / linux_kernel	6.8-rc6	6.8-rc6.x
debian / debian_linux	10.0	10.0.x

Vulnerability Database

320,116

CVE-2024-27416

Deep Security Visibility Without the Complexity