Ubuntu
CVE-2024-11586
MEDIUM
Severity by source
AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H
Primary rating from Vendor (ubuntu) · only source for this CVE.
CVSS VectorVendor: ubuntu
CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H
Lifecycle Timeline
1DescriptionCVE.org
Ubuntu's implementation of pulseaudio can be crashed by a malicious program if a bluetooth headset is connected.
AnalysisAI
Ubuntu's implementation of pulseaudio can be crashed by a malicious program if a bluetooth headset is connected. Rated medium severity (CVSS 4.0).
Technical ContextAI
This vulnerability is classified under CWE-404. Ubuntu's implementation of pulseaudio can be crashed by a malicious program if a bluetooth headset is connected. Affected products include: Pulseaudio.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Pulseaudio
View allThe pa_rtp_recv function in modules/rtp/rtp.c in the module-rtp-recv module in PulseAudio 5.0 and earlier allows remote
Potential double free in Bluez 5 module of PulseAudio could allow a local attacker to leak memory or crash the program.
An Ubuntu-specific modification to Pulseaudio to provide security mediation for Snap-packaged applications was found to
Same weakness CWE-404 – Improper Resource Shutdown or Release
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today