CVE-2024-35850

Summary

In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: qca: fix NULL-deref on non-serdev setup

Qualcomm ROME controllers can be registered from the Bluetooth line discipline and in this case the HCI UART serdev pointer is NULL.

Add the missing sanity check to prevent a NULL-pointer dereference when setup() is called for a non-serdev controller.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxe9b3e5b8c65733f626a7ee919c4bc895b51d7bb2 < 67459f1a707aae6d590454de07956c2752e21ea4affected
LinuxLinuxe9b3e5b8c65733f626a7ee919c4bc895b51d7bb2 < bec4d4c6fa5c6526409f582e4f31144e20c86c21affected
LinuxLinuxe9b3e5b8c65733f626a7ee919c4bc895b51d7bb2 < 7ddb9de6af0f1c71147785b12fd7c8ec3f06cc86affected
LinuxLinux6.2affected
LinuxLinux0 < 6.2unaffected
LinuxLinux6.6.30 <= 6.6.*unaffected
LinuxLinux6.8.9 <= 6.8.*unaffected
LinuxLinux6.9 <= *unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References