CVE-2024-35850

MEDIUM

Linux Kernel < 6.6.30 - NULL Pointer Dereference

Title source: rule

Description

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: qca: fix NULL-deref on non-serdev setup Qualcomm ROME controllers can be registered from the Bluetooth line discipline and in this case the HCI UART serdev pointer is NULL. Add the missing sanity check to prevent a NULL-pointer dereference when setup() is called for a non-serdev controller.

References (3)

[Patch] https://git.kernel.org/stable/c/67459f1a707aae6d590454de07956c2752e21ea4

[Patch] https://git.kernel.org/stable/c/7ddb9de6af0f1c71147785b12fd7c8ec3f06cc86

[Patch] https://git.kernel.org/stable/c/bec4d4c6fa5c6526409f582e4f31144e20c86c21

Scores

CVSS v3 5.5

EPSS 0.0003

EPSS Percentile 9.2%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Classification

CWE

CWE-476

Status published

Affected Products (8)

linux/linux_kernel < 6.6.30

linux/linux_kernel

linux/Kernel < 6.6.30linux

linux/Kernel < 6.8.9linux

Timeline

Published May 17, 2024

Tracked Since Feb 18, 2026