CVE-2024-35850

MEDIUM

Linux Kernel 6.2-6.6.29, 6.7-6.8.8 - NULL Pointer Dereference in Bluetooth QCA Controller Setup

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: qca: fix NULL-deref on non-serdev setup Qualcomm ROME controllers can be registered from the Bluetooth line discipline and in this case the HCI UART serdev pointer is NULL. Add the missing sanity check to prevent a NULL-pointer dereference when setup() is called for a non-serdev controller.

References (3)

Core 3

Core References

Patch

https://git.kernel.org/stable/c/67459f1a707aae6d590454de07956c2752e21ea4

Patch

https://git.kernel.org/stable/c/bec4d4c6fa5c6526409f582e4f31144e20c86c21

Patch

https://git.kernel.org/stable/c/7ddb9de6af0f1c71147785b12fd7c8ec3f06cc86

Scores

CVSS v3 5.5

EPSS 0.0023

EPSS Percentile 14.2%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-476

Status published

Products (12)

linux/Kernel 6.2.0 - 6.6.30linux

linux/Kernel 6.7.0 - 6.8.9linux

Linux/Linux < 6.2

Linux/Linux 6.2

Linux/Linux 6.6.30 - 6.6.*

Linux/Linux 6.8.9 - 6.8.*

Linux/Linux 6.9

Linux/Linux e9b3e5b8c65733f626a7ee919c4bc895b51d7bb2 - 67459f1a707aae6d590454de07956c2752e21ea4

Linux/Linux e9b3e5b8c65733f626a7ee919c4bc895b51d7bb2 - 7ddb9de6af0f1c71147785b12fd7c8ec3f06cc86

Linux/Linux e9b3e5b8c65733f626a7ee919c4bc895b51d7bb2 - bec4d4c6fa5c6526409f582e4f31144e20c86c21

... and 2 more

Published May 17, 2024

Tracked Since Feb 18, 2026