CVE-2024-36011 – This CVE-2024-36011 is a null pointer dereferen... (How to Fix)

Q: What is the severity of CVE-2024-36011?

CVE-2024-36011 has a CVSS score of 5.5 (MEDIUM). This CVE-2024-36011 is a null pointer dereference vulnerability in the Linux kernel's Bluetooth HCI subsystem. It could allow local attackers to cause a kernel panic or potentially execute arbitrary code by triggering a specific Bluetooth event. Systems with Bluetooth enabled and running vulnerable Linux kernel versions are affected.

📋 TL;DR

This CVE-2024-36011 is a null pointer dereference vulnerability in the Linux kernel's Bluetooth HCI subsystem. It could allow local attackers to cause a kernel panic or potentially execute arbitrary code by triggering a specific Bluetooth event. Systems with Bluetooth enabled and running vulnerable Linux kernel versions are affected.

💻 Affected Systems

Products:

Linux kernel

Versions: Specific vulnerable versions not specified in CVE; check kernel commit history for affected releases

Operating Systems: Linux distributions using vulnerable kernel versions

Default Config Vulnerable: ⚠️ Yes

Notes: Requires Bluetooth functionality to be enabled and in use; systems without Bluetooth hardware or with Bluetooth disabled are not vulnerable.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel panic leading to denial of service, or potential privilege escalation to kernel-level code execution if combined with other vulnerabilities.

🟠

Likely Case

Local denial of service through kernel panic or system crash when malicious Bluetooth packets are processed.

🟢

If Mitigated

Minimal impact if Bluetooth is disabled or the system is patched; kernel panic would require physical access or local user privileges.

🌐 Internet-Facing: LOW - Requires local access or Bluetooth proximity; not directly exploitable over internet.

🏢 Internal Only: MEDIUM - Local attackers or malicious insiders could exploit this to crash systems or potentially escalate privileges.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Requires local access to trigger the Bluetooth event; exploitation details not publicly documented.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions containing commits 1f7ebb69c1d65732bcac2fda9d15421f76f01e81 and related fixes

Vendor Advisory: https://git.kernel.org/stable/c/1f7ebb69c1d65732bcac2fda9d15421f76f01e81

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version from your distribution's repositories. 2. Reboot system to load new kernel. 3. Verify kernel version after reboot.

🔧 Temporary Workarounds

Disable Bluetooth

linux

Completely disable Bluetooth functionality to prevent exploitation

sudo systemctl stop bluetooth
sudo systemctl disable bluetooth
sudo rfkill block bluetooth

🧯 If You Can't Patch

Disable Bluetooth functionality entirely
Restrict physical and local access to affected systems

🔍 How to Verify

Check if Vulnerable:

Check kernel version and compare with distribution security advisories; examine if Bluetooth is enabled

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version after update matches patched version; check that Bluetooth functions normally

📡 Detection & Monitoring

Log Indicators:

Kernel panic logs
Bluetooth subsystem crashes in dmesg
System crash/reboot events

Network Indicators:

Unusual Bluetooth traffic patterns
Bluetooth connection attempts to trigger specific events

SIEM Query:

source="kernel" AND ("panic" OR "Oops" OR "null pointer dereference") AND "bluetooth"

📊 Metadata

CVE ID: CVE-2024-36011

CVSS v3 Score: 5.5 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-476

Published: May 23, 2024

Last Updated: May 7, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-36011, you might also want to check these: