{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-42137", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-07-29T15:50:41.188Z", "datePublished": "2024-07-30T07:46:31.748Z", "dateUpdated": "2024-09-11T17:34:35.827Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-07-30T07:46:31.748Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: qca: Fix BT enable failure again for QCA6390 after warm reboot\n\nCommit 272970be3dab (\"Bluetooth: hci_qca: Fix driver shutdown on closed\nserdev\") will cause below regression issue:\n\nBT can't be enabled after below steps:\ncold boot -> enable BT -> disable BT -> warm reboot -> BT enable failure\nif property enable-gpios is not configured within DT|ACPI for QCA6390.\n\nThe commit is to fix a use-after-free issue within qca_serdev_shutdown()\nby adding condition to avoid the serdev is flushed or wrote after closed\nbut also introduces this regression issue regarding above steps since the\nVSC is not sent to reset controller during warm reboot.\n\nFixed by sending the VSC to reset controller within qca_serdev_shutdown()\nonce BT was ever enabled, and the use-after-free issue is also fixed by\nthis change since the serdev is still opened before it is flushed or wrote.\n\nVerified by the reported machine Dell XPS 13 9310 laptop over below two\nkernel commits:\ncommit e00fc2700a3f (\"Bluetooth: btusb: Fix triggering coredump\nimplementation for QCA\") of bluetooth-next tree.\ncommit b23d98d46d28 (\"Bluetooth: btusb: Fix triggering coredump\nimplementation for QCA\") of linus mainline tree."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/bluetooth/hci_qca.c"], "versions": [{"version": "e84ec6e25df9", "lessThan": "215a26c2404f", "status": "affected", "versionType": "git"}, {"version": "908d1742b6e6", "lessThan": "4ca6013cd18e", "status": "affected", "versionType": "git"}, {"version": "ea3ebda47dd5", "lessThan": "e6e200b26427", "status": "affected", "versionType": "git"}, {"version": "272970be3dab", "lessThan": "e2d8aa4c7635", "status": "affected", "versionType": "git"}, {"version": "272970be3dab", "lessThan": "977b9dc65e14", "status": "affected", "versionType": "git"}, {"version": "272970be3dab", "lessThan": "88e72239ead9", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/bluetooth/hci_qca.c"], "versions": [{"version": "6.2", "status": "affected"}, {"version": "0", "lessThan": "6.2", "status": "unaffected", "versionType": "custom"}, {"version": "5.10.222", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.15.163", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.1.98", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.6.39", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.9.9", "lessThanOrEqual": "6.9.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.10", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/215a26c2404fa34625c725d446967fa328a703eb"}, {"url": "https://git.kernel.org/stable/c/4ca6013cd18e58ac1044908c40d4006a92093a11"}, {"url": "https://git.kernel.org/stable/c/e6e200b264271f62a3fadb51ada9423015ece37b"}, {"url": "https://git.kernel.org/stable/c/e2d8aa4c763593704ac21e7591aed4f13e32f3b5"}, {"url": "https://git.kernel.org/stable/c/977b9dc65e14fb80de4763d949c7dec2ecb15b9b"}, {"url": "https://git.kernel.org/stable/c/88e72239ead9814b886db54fc4ee39ef3c2b8f26"}], "title": "Bluetooth: qca: Fix BT enable failure again for QCA6390 after warm reboot", "x_generator": {"engine": "bippy-c9c4e1df01b2"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:54:32.549Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/215a26c2404fa34625c725d446967fa328a703eb", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/4ca6013cd18e58ac1044908c40d4006a92093a11", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/e6e200b264271f62a3fadb51ada9423015ece37b", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/e2d8aa4c763593704ac21e7591aed4f13e32f3b5", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/977b9dc65e14fb80de4763d949c7dec2ecb15b9b", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/88e72239ead9814b886db54fc4ee39ef3c2b8f26", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-42137", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:16:06.425192Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T17:34:35.827Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-42137", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-07-29T15:50:41.188Z", "datePublished": "2024-07-30T07:46:31.748Z", "dateUpdated": "2024-08-02T04:54:32.549Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-07-30T07:46:31.748Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: qca: Fix BT enable failure again for QCA6390 after warm reboot\n\nCommit 272970be3dab (\"Bluetooth: hci_qca: Fix driver shutdown on closed\nserdev\") will cause below regression issue:\n\nBT can't be enabled after below steps:\ncold boot -> enable BT -> disable BT -> warm reboot -> BT enable failure\nif property enable-gpios is not configured within DT|ACPI for QCA6390.\n\nThe commit is to fix a use-after-free issue within qca_serdev_shutdown()\nby adding condition to avoid the serdev is flushed or wrote after closed\nbut also introduces this regression issue regarding above steps since the\nVSC is not sent to reset controller during warm reboot.\n\nFixed by sending the VSC to reset controller within qca_serdev_shutdown()\nonce BT was ever enabled, and the use-after-free issue is also fixed by\nthis change since the serdev is still opened before it is flushed or wrote.\n\nVerified by the reported machine Dell XPS 13 9310 laptop over below two\nkernel commits:\ncommit e00fc2700a3f (\"Bluetooth: btusb: Fix triggering coredump\nimplementation for QCA\") of bluetooth-next tree.\ncommit b23d98d46d28 (\"Bluetooth: btusb: Fix triggering coredump\nimplementation for QCA\") of linus mainline tree."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/bluetooth/hci_qca.c"], "versions": [{"version": "e84ec6e25df9", "lessThan": "215a26c2404f", "status": "affected", "versionType": "git"}, {"version": "908d1742b6e6", "lessThan": "4ca6013cd18e", "status": "affected", "versionType": "git"}, {"version": "ea3ebda47dd5", "lessThan": "e6e200b26427", "status": "affected", "versionType": "git"}, {"version": "272970be3dab", "lessThan": "e2d8aa4c7635", "status": "affected", "versionType": "git"}, {"version": "272970be3dab", "lessThan": "977b9dc65e14", "status": "affected", "versionType": "git"}, {"version": "272970be3dab", "lessThan": "88e72239ead9", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/bluetooth/hci_qca.c"], "versions": [{"version": "6.2", "status": "affected"}, {"version": "0", "lessThan": "6.2", "status": "unaffected", "versionType": "custom"}, {"version": "5.10.222", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.15.163", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.1.98", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.6.39", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.9.9", "lessThanOrEqual": "6.9.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.10", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/215a26c2404fa34625c725d446967fa328a703eb"}, {"url": "https://git.kernel.org/stable/c/4ca6013cd18e58ac1044908c40d4006a92093a11"}, {"url": "https://git.kernel.org/stable/c/e6e200b264271f62a3fadb51ada9423015ece37b"}, {"url": "https://git.kernel.org/stable/c/e2d8aa4c763593704ac21e7591aed4f13e32f3b5"}, {"url": "https://git.kernel.org/stable/c/977b9dc65e14fb80de4763d949c7dec2ecb15b9b"}, {"url": "https://git.kernel.org/stable/c/88e72239ead9814b886db54fc4ee39ef3c2b8f26"}], "title": "Bluetooth: qca: Fix BT enable failure again for QCA6390 after warm reboot", "x_generator": {"engine": "bippy-c9c4e1df01b2"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-42137", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:16:06.425192Z"}}}], "providerMetadata": {"shortName": "CISA-ADP", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "dateUpdated": "2024-09-11T12:42:24.671Z"}, "title": "CISA ADP Vulnrichment"}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "CF05EAFA-9345-4303-8E4A-118C81B5FDC8", "versionEndExcluding": "5.10.222", "versionStartIncluding": "5.10.165", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "F190A745-DE5B-4FA4-B504-04D029449519", "versionEndExcluding": "5.15.163", "versionStartIncluding": "5.15.90", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "7D6B9E05-F2EB-4D2B-94B9-4CB17D7D13C7", "versionEndExcluding": "6.1.98", "versionStartIncluding": "6.1.8", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "29E894E4-668F-4DB0-81F7-4FB5F698E970", "versionEndExcluding": "6.6.39", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "ADCC1407-0CB3-4C8F-B4C5-07F682CD7085", "versionEndExcluding": "6.9.9", "versionStartIncluding": "6.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc1:*:*:*:*:*:*", "matchCriteriaId": "2EBB4392-5FA6-4DA9-9772-8F9C750109FA", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc2:*:*:*:*:*:*", "matchCriteriaId": "331C2F14-12C7-45D5-893D-8C52EE38EA10", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc3:*:*:*:*:*:*", "matchCriteriaId": "3173713D-909A-4DD3-9DD4-1E171EB057EE", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc4:*:*:*:*:*:*", "matchCriteriaId": "79F18AFA-40F7-43F0-BA30-7BDB65F918B9", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc5:*:*:*:*:*:*", "matchCriteriaId": "BD973AA4-A789-49BD-8D57-B2846935D3C7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc6:*:*:*:*:*:*", "matchCriteriaId": "8F3E9E0C-AC3E-4967-AF80-6483E8AB0078", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: qca: Fix BT enable failure again for QCA6390 after warm reboot\n\nCommit 272970be3dab (\"Bluetooth: hci_qca: Fix driver shutdown on closed\nserdev\") will cause below regression issue:\n\nBT can't be enabled after below steps:\ncold boot -> enable BT -> disable BT -> warm reboot -> BT enable failure\nif property enable-gpios is not configured within DT|ACPI for QCA6390.\n\nThe commit is to fix a use-after-free issue within qca_serdev_shutdown()\nby adding condition to avoid the serdev is flushed or wrote after closed\nbut also introduces this regression issue regarding above steps since the\nVSC is not sent to reset controller during warm reboot.\n\nFixed by sending the VSC to reset controller within qca_serdev_shutdown()\nonce BT was ever enabled, and the use-after-free issue is also fixed by\nthis change since the serdev is still opened before it is flushed or wrote.\n\nVerified by the reported machine Dell XPS 13 9310 laptop over below two\nkernel commits:\ncommit e00fc2700a3f (\"Bluetooth: btusb: Fix triggering coredump\nimplementation for QCA\") of bluetooth-next tree.\ncommit b23d98d46d28 (\"Bluetooth: btusb: Fix triggering coredump\nimplementation for QCA\") of linus mainline tree."}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: Bluetooth: qca: corrija el error de habilitaci\u00f3n de BT nuevamente para QCA6390 despu\u00e9s de un reinicio en caliente. La confirmaci\u00f3n 272970be3dab (\"Bluetooth: hci_qca: corrija el apagado del controlador en un serdev cerrado\") causar\u00e1 el siguiente problema de regresi\u00f3n: BT puede No se habilitar\u00e1 despu\u00e9s de los pasos siguientes: arranque en fr\u00edo -> habilitar BT -> deshabilitar BT -> reinicio en caliente -> falla de habilitaci\u00f3n de BT si la propiedad enable-gpios no est\u00e1 configurada dentro de DT|ACPI para QCA6390. El compromiso es solucionar un problema de use after free dentro de qca_serdev_shutdown() agregando una condici\u00f3n para evitar que el serdev se vac\u00ede o escriba despu\u00e9s de cerrarse, pero tambi\u00e9n introduce este problema de regresi\u00f3n con respecto a los pasos anteriores, ya que el VSC no se env\u00eda para restablecer el controlador durante el reinicio en caliente. . Se solucion\u00f3 enviando el VSC para restablecer el controlador dentro de qca_serdev_shutdown() una vez que BT estuvo habilitado, y el problema de use after free tambi\u00e9n se solucion\u00f3 con este cambio ya que el serdev todav\u00eda est\u00e1 abierto antes de vaciarse o escribirse. Verificado por la computadora port\u00e1til Dell XPS 13 9310 de la m\u00e1quina informada en las siguientes dos confirmaciones del kernel: confirmaci\u00f3n e00fc2700a3f (\"Bluetooth: btusb: soluci\u00f3n de activaci\u00f3n de la implementaci\u00f3n de coredump para QCA\") del \u00e1rbol siguiente de bluetooth. confirme b23d98d46d28 (\"Bluetooth: btusb: soluci\u00f3n que activa la implementaci\u00f3n de coredump para QCA\") del \u00e1rbol principal de Linux."}], "id": "CVE-2024-42137", "lastModified": "2024-09-16T14:01:40.513", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-07-30T08:15:05.583", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/215a26c2404fa34625c725d446967fa328a703eb"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/4ca6013cd18e58ac1044908c40d4006a92093a11"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/88e72239ead9814b886db54fc4ee39ef3c2b8f26"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/977b9dc65e14fb80de4763d949c7dec2ecb15b9b"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/e2d8aa4c763593704ac21e7591aed4f13e32f3b5"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/e6e200b264271f62a3fadb51ada9423015ece37b"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: Bluetooth: qca: Fix BT enable failure again for QCA6390 after warm reboot", "id": "2301502", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2301502"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\nBluetooth: qca: Fix BT enable failure again for QCA6390 after warm reboot\nCommit 272970be3dab (\"Bluetooth: hci_qca: Fix driver shutdown on closed\nserdev\") will cause below regression issue:\nBT can't be enabled after below steps:\ncold boot -> enable BT -> disable BT -> warm reboot -> BT enable failure\nif property enable-gpios is not configured within DT|ACPI for QCA6390.\nThe commit is to fix a use-after-free issue within qca_serdev_shutdown()\nby adding condition to avoid the serdev is flushed or wrote after closed\nbut also introduces this regression issue regarding above steps since the\nVSC is not sent to reset controller during warm reboot.\nFixed by sending the VSC to reset controller within qca_serdev_shutdown()\nonce BT was ever enabled, and the use-after-free issue is also fixed by\nthis change since the serdev is still opened before it is flushed or wrote.\nVerified by the reported machine Dell XPS 13 9310 laptop over below two\nkernel commits:\ncommit e00fc2700a3f (\"Bluetooth: btusb: Fix triggering coredump\nimplementation for QCA\") of bluetooth-next tree.\ncommit b23d98d46d28 (\"Bluetooth: btusb: Fix triggering coredump\nimplementation for QCA\") of linus mainline tree."], "name": "CVE-2024-42137", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-07-30T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-42137\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-42137\nhttps://lore.kernel.org/linux-cve-announce/2024073029-CVE-2024-42137-3637@gregkh/T"], "statement": "No Red Hat products are affected by this vulnerability.", "threat_severity": "Low", "upstream_fix": "kernel 5.10.222, kernel 5.15.163, kernel 6.1.98, kernel 6.6.39, kernel 6.9.9, kernel 6.10"}