CVE-2024-21803: 
CBL Mariner vulnerability analysis and mitigation

A Use After Free vulnerability has been identified in the Linux kernel's Bluetooth modules affecting x86 and ARM architectures. The vulnerability, tracked as CVE-2024-21803, was discovered in the Linux kernel versions ranging from v2.6.12-rc2 to versions before v6.8-rc1. The vulnerability is specifically associated with the Bluetooth implementation in the kernel, particularly in the file path net/bluetooth/af_bluetooth.c (NVD).

The vulnerability has been assessed with varying CVSS scores by different organizations. The National Institute of Standards and Technology (NIST) has assigned it a CVSS v3.1 Base Score of 7.8 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, while OpenAnolis has rated it with a Base Score of 3.5 (LOW) with the vector string CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L. The vulnerability is classified as CWE-416 (Use After Free) (NVD).

The vulnerability could potentially allow local execution of code on affected systems. Given the CVSS metrics, successful exploitation could lead to high impacts on confidentiality, integrity, and availability of the system when exploited locally (NVD).

The vulnerability affects multiple Linux distributions, and various releases are currently under evaluation for patches. For instance, Ubuntu has marked this vulnerability as requiring evaluation across multiple versions including 24.04 LTS, 22.04 LTS, 20.04 LTS, and 18.04 LTS (Ubuntu Security).