| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2024051739-CVE-2024-35851-31be@gregkh>
Date: Fri, 17 May 2024 16:47:44 +0200
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Subject: CVE-2024-35851: Bluetooth: qca: fix NULL-deref on non-serdev suspend
Description
===========
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: qca: fix NULL-deref on non-serdev suspend
Qualcomm ROME controllers can be registered from the Bluetooth line
discipline and in this case the HCI UART serdev pointer is NULL.
Add the missing sanity check to prevent a NULL-pointer dereference when
wakeup() is called for a non-serdev controller during suspend.
Just return true for now to restore the original behaviour and address
the crash with pre-6.2 kernels, which do not have commit e9b3e5b8c657
("Bluetooth: hci_qca: only assign wakeup with serial port support") that
causes the crash to happen already at setup() time.
The Linux kernel CVE team has assigned CVE-2024-35851 to this issue.
Affected and fixed versions
===========================
Issue introduced in 5.13 with commit c1a74160eaf1 and fixed in 5.15.158 with commit 52f9041deaca
Issue introduced in 5.13 with commit c1a74160eaf1 and fixed in 6.1.90 with commit e60502b907be
Issue introduced in 5.13 with commit c1a74160eaf1 and fixed in 6.6.30 with commit 6b47cdeb786c
Issue introduced in 5.13 with commit c1a74160eaf1 and fixed in 6.8.9 with commit b64092d2f108
Issue introduced in 5.13 with commit c1a74160eaf1 and fixed in 6.9 with commit 73e87c0a49fd
Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.
Unaffected versions might change over time as fixes are backported to
older supported kernel versions. The official CVE entry at
https://cve.org/CVERecord/?id=CVE-2024-35851
will be updated if fixes are backported, please check that for the most
up to date information about this issue.
Affected files
==============
The file(s) affected by this issue are:
drivers/bluetooth/hci_qca.c
Mitigation
==========
The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes. Individual
changes are never tested alone, but rather are part of a larger kernel
release. Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all. If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
https://git.kernel.org/stable/c/52f9041deaca3fc5c40ef3b9cb943993ec7d2489
https://git.kernel.org/stable/c/e60502b907be350c518819297b565007a94c706d
https://git.kernel.org/stable/c/6b47cdeb786c38e4174319218db3fa6d7b4bba88
https://git.kernel.org/stable/c/b64092d2f108f0cd1d7fd7e176f5fb2a67a2f189
https://git.kernel.org/stable/c/73e87c0a49fda31d7b589edccf4c72e924411371
Powered by blists - more mailing lists