U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

CVE-2024-42137 Detail

Description

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: qca: Fix BT enable failure again for QCA6390 after warm reboot Commit 272970be3dab ("Bluetooth: hci_qca: Fix driver shutdown on closed serdev") will cause below regression issue: BT can't be enabled after below steps: cold boot -> enable BT -> disable BT -> warm reboot -> BT enable failure if property enable-gpios is not configured within DT|ACPI for QCA6390. The commit is to fix a use-after-free issue within qca_serdev_shutdown() by adding condition to avoid the serdev is flushed or wrote after closed but also introduces this regression issue regarding above steps since the VSC is not sent to reset controller during warm reboot. Fixed by sending the VSC to reset controller within qca_serdev_shutdown() once BT was ever enabled, and the use-after-free issue is also fixed by this change since the serdev is still opened before it is flushed or wrote. Verified by the reported machine Dell XPS 13 9310 laptop over below two kernel commits: commit e00fc2700a3f ("Bluetooth: btusb: Fix triggering coredump implementation for QCA") of bluetooth-next tree. commit b23d98d46d28 ("Bluetooth: btusb: Fix triggering coredump implementation for QCA") of linus mainline tree.


Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.
CVSS 4.0 Severity and Vector Strings:

NIST CVSS score
NIST: NVD
N/A
NVD assessment not yet provided.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Hyperlink Resource
https://git.kernel.org/stable/c/215a26c2404fa34625c725d446967fa328a703eb Patch 
https://git.kernel.org/stable/c/215a26c2404fa34625c725d446967fa328a703eb Patch 
https://git.kernel.org/stable/c/4ca6013cd18e58ac1044908c40d4006a92093a11 Patch 
https://git.kernel.org/stable/c/4ca6013cd18e58ac1044908c40d4006a92093a11 Patch 
https://git.kernel.org/stable/c/88e72239ead9814b886db54fc4ee39ef3c2b8f26 Patch 
https://git.kernel.org/stable/c/88e72239ead9814b886db54fc4ee39ef3c2b8f26 Patch 
https://git.kernel.org/stable/c/977b9dc65e14fb80de4763d949c7dec2ecb15b9b Patch 
https://git.kernel.org/stable/c/977b9dc65e14fb80de4763d949c7dec2ecb15b9b Patch 
https://git.kernel.org/stable/c/e2d8aa4c763593704ac21e7591aed4f13e32f3b5 Patch 
https://git.kernel.org/stable/c/e2d8aa4c763593704ac21e7591aed4f13e32f3b5 Patch 
https://git.kernel.org/stable/c/e6e200b264271f62a3fadb51ada9423015ece37b Patch 
https://git.kernel.org/stable/c/e6e200b264271f62a3fadb51ada9423015ece37b Patch 

Weakness Enumeration

CWE-ID CWE Name Source
NVD-CWE-noinfo Insufficient Information cwe source acceptance level NIST  

Known Affected Software Configurations Switch to CPE 2.2

CPEs loading, please wait.

Denotes Vulnerable Software
Are we missing a CPE here? Please let us know.

Change History

3 change records found show changes

Quick Info

CVE Dictionary Entry:
CVE-2024-42137
NVD Published Date:
07/30/2024
NVD Last Modified:
11/21/2024
Source:
kernel.org