5.5

CVE-2024-35850

EPSS 0.03%
Published 17.05.2024 15:15:21
Last modified 30.12.2024 17:42:02
Source 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Open
Login

In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: qca: fix NULL-deref on non-serdev setup

Qualcomm ROME controllers can be registered from the Bluetooth line
discipline and in this case the HCI UART serdev pointer is NULL.

Add the missing sanity check to prevent a NULL-pointer dereference when
setup() is called for a non-serdev controller.

Affected products Warnungen 0 Metrics 2 CWE 1 References 6

Data is provided by the National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 6.2 < 6.6.30

Linux ≫ Linux Kernel Version >= 6.7 < 6.8.9

Linux ≫ Linux Kernel Version6.9 Updaterc1

Linux ≫ Linux Kernel Version6.9 Updaterc2

Linux ≫ Linux Kernel Version6.9 Updaterc3

Linux ≫ Linux Kernel Version6.9 Updaterc4

Linux ≫ Linux Kernel Version6.9 Updaterc5

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.03%	0.083

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://git.kernel.org/stable/c/67459f1a707aae6d590454de07956c2752e21ea4

Patch

https://git.kernel.org/stable/c/7ddb9de6af0f1c71147785b12fd7c8ec3f06cc86

Patch

https://git.kernel.org/stable/c/bec4d4c6fa5c6526409f582e4f31144e20c86c21

Patch

https://nvd.nist.gov/vuln/detail/CVE-2024-35850

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-35850

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-35850

EUVD