CVE-2024-35850

Bluetooth: qca: fix NULL-deref on non-serdev setup

Severity Score

5.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: qca: fix NULL-deref on non-serdev setup Qualcomm ROME controllers can be registered from the Bluetooth line
discipline and in this case the HCI UART serdev pointer is NULL. Add the missing sanity check to prevent a NULL-pointer dereference when
setup() is called for a non-serdev controller.

En el kernel de Linux, se resolvió la siguiente vulnerabilidad: Bluetooth: qca: corrige NULL-deref en configuración sin serdev. Los controladores Qualcomm ROME se pueden registrar desde la disciplina de línea Bluetooth y en este caso el puntero HCI UART serdev es NULL. Agregue la verificación de sanidad que falta para evitar una desreferencia del puntero NULL cuando se llama a setup() para un controlador que no es serdev.

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: qca: fix NULL-deref on non-serdev setup Qualcomm ROME controllers can be registered from the Bluetooth line discipline and in this case the HCI UART serdev pointer is NULL. Add the missing sanity check to prevent a NULL-pointer dereference when setup() is called for a non-serdev controller.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

Single

Confidentiality

None

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-05-17 CVE Reserved
2024-05-17 CVE Published
2024-12-19 CVE Updated
2024-12-31 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (4)

URL	Tag	Source
https://git.kernel.org/stable/c/e9b3e5b8c65733f626a7ee919c4bc895b51d7bb2	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/67459f1a707aae6d590454de07956c2752e21ea4	2024-05-02
https://git.kernel.org/stable/c/bec4d4c6fa5c6526409f582e4f31144e20c86c21	2024-05-02
https://git.kernel.org/stable/c/7ddb9de6af0f1c71147785b12fd7c8ec3f06cc86	2024-04-24

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.2 < 6.6.30 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.2 < 6.6.30"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.2 < 6.8.9 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.2 < 6.8.9"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.2 < 6.9 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.2 < 6.9"		en		Affected