CVE-2024-35850 - OpenCVE

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: qca: fix NULL-deref on non-serdev setup Qualcomm ROME controllers can be registered from the Bluetooth line discipline and in this case the HCI UART serdev pointer is NULL. Add the missing sanity check to prevent a NULL-pointer dereference when setup() is called for a non-serdev controller.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

References

Link	Providers
https://git.kernel.org/stable/c/67459f1a707aae6d590454de07956c2752e21ea4
https://git.kernel.org/stable/c/7ddb9de6af0f1c71147785b12fd7c8ec3f06cc86
https://git.kernel.org/stable/c/bec4d4c6fa5c6526409f582e4f31144e20c86c21
https://lore.kernel.org/linux-cve-announce/2024051739-CVE-2024-35850-2b62@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2024-35850
https://www.cve.org/CVERecord?id=CVE-2024-35850

History

Thu, 19 Sep 2024 19:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-400

Wed, 11 Sep 2024 18:30:00 +0000

Type	Values Removed	Values Added
Metrics	ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 11 Sep 2024 13:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-05-17T14:47:28.139Z

Updated: 2024-09-11T17:33:17.995Z

Reserved: 2024-05-17T13:50:33.105Z

Link: CVE-2024-35850

Vulnrichment

Updated: 2024-08-02T03:21:48.528Z

NVD

Status : Awaiting Analysis

Published: 2024-05-17T15:15:21.860

Modified: 2024-05-17T18:35:35.070

Link: CVE-2024-35850

Redhat

Severity : Moderate

Publid Date: 2024-05-17T00:00:00Z

Links: CVE-2024-35850 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-35850", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-05-17T13:50:33.105Z", "datePublished": "2024-05-17T14:47:28.139Z", "dateUpdated": "2024-09-11T17:33:17.995Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-05-29T05:30:06.002Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: qca: fix NULL-deref on non-serdev setup\n\nQualcomm ROME controllers can be registered from the Bluetooth line\ndiscipline and in this case the HCI UART serdev pointer is NULL.\n\nAdd the missing sanity check to prevent a NULL-pointer dereference when\nsetup() is called for a non-serdev controller."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/bluetooth/hci_qca.c"], "versions": [{"version": "e9b3e5b8c657", "lessThan": "67459f1a707a", "status": "affected", "versionType": "git"}, {"version": "e9b3e5b8c657", "lessThan": "bec4d4c6fa5c", "status": "affected", "versionType": "git"}, {"version": "e9b3e5b8c657", "lessThan": "7ddb9de6af0f", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/bluetooth/hci_qca.c"], "versions": [{"version": "6.2", "status": "affected"}, {"version": "0", "lessThan": "6.2", "status": "unaffected", "versionType": "custom"}, {"version": "6.6.30", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.8.9", "lessThanOrEqual": "6.8.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.9", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/67459f1a707aae6d590454de07956c2752e21ea4"}, {"url": "https://git.kernel.org/stable/c/bec4d4c6fa5c6526409f582e4f31144e20c86c21"}, {"url": "https://git.kernel.org/stable/c/7ddb9de6af0f1c71147785b12fd7c8ec3f06cc86"}], "title": "Bluetooth: qca: fix NULL-deref on non-serdev setup", "x_generator": {"engine": "bippy-a5840b7849dd"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T03:21:48.528Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/67459f1a707aae6d590454de07956c2752e21ea4", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/bec4d4c6fa5c6526409f582e4f31144e20c86c21", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/7ddb9de6af0f1c71147785b12fd7c8ec3f06cc86", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-35850", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T15:41:40.292157Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T17:33:17.995Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/67459f1a707aae6d590454de07956c2752e21ea4", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/bec4d4c6fa5c6526409f582e4f31144e20c86c21", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/7ddb9de6af0f1c71147785b12fd7c8ec3f06cc86", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T03:21:48.528Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-35850", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T15:41:40.292157Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T12:42:16.003Z"}}], "cna": {"title": "Bluetooth: qca: fix NULL-deref on non-serdev setup", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "e9b3e5b8c657", "lessThan": "67459f1a707a", "versionType": "git"}, {"status": "affected", "version": "e9b3e5b8c657", "lessThan": "bec4d4c6fa5c", "versionType": "git"}, {"status": "affected", "version": "e9b3e5b8c657", "lessThan": "7ddb9de6af0f", "versionType": "git"}], "programFiles": ["drivers/bluetooth/hci_qca.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "6.2"}, {"status": "unaffected", "version": "0", "lessThan": "6.2", "versionType": "custom"}, {"status": "unaffected", "version": "6.6.30", "versionType": "custom", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.8.9", "versionType": "custom", "lessThanOrEqual": "6.8.*"}, {"status": "unaffected", "version": "6.9", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/bluetooth/hci_qca.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/67459f1a707aae6d590454de07956c2752e21ea4"}, {"url": "https://git.kernel.org/stable/c/bec4d4c6fa5c6526409f582e4f31144e20c86c21"}, {"url": "https://git.kernel.org/stable/c/7ddb9de6af0f1c71147785b12fd7c8ec3f06cc86"}], "x_generator": {"engine": "bippy-a5840b7849dd"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: qca: fix NULL-deref on non-serdev setup\n\nQualcomm ROME controllers can be registered from the Bluetooth line\ndiscipline and in this case the HCI UART serdev pointer is NULL.\n\nAdd the missing sanity check to prevent a NULL-pointer dereference when\nsetup() is called for a non-serdev controller."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-05-29T05:30:06.002Z"}}}, "cveMetadata": {"cveId": "CVE-2024-35850", "state": "PUBLISHED", "dateUpdated": "2024-09-11T17:33:17.995Z", "dateReserved": "2024-05-17T13:50:33.105Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-05-17T14:47:28.139Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"bugzilla": {"description": "kernel: Bluetooth: qca: fix NULL-deref on non-serdev setup", "id": "2281261", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2281261"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-400", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nBluetooth: qca: fix NULL-deref on non-serdev setup\nQualcomm ROME controllers can be registered from the Bluetooth line\ndiscipline and in this case the HCI UART serdev pointer is NULL.\nAdd the missing sanity check to prevent a NULL-pointer dereference when\nsetup() is called for a non-serdev controller.", "A vulnerability was found in the Bluetooth qca driver in the Linux kernel, which could lead to a NULL pointer dereference when the driver is used on non-serdev setups. This issue could result in a kernel crash, causing a denial of service."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-35850", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-05-17T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-35850\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-35850\nhttps://lore.kernel.org/linux-cve-announce/2024051739-CVE-2024-35850-2b62@gregkh/T"], "statement": "Red Hat Enterprise Linux is not vulnerable to this CVE, as it does not affect the versions or configurations of the Linux kernel used in its distributions.", "threat_severity": "Moderate", "upstream_fix": "kernel 6.6.30, kernel 6.8.9, kernel 6.9"}