CVE-2024-42137
Dell XPS 13 Bluetooth QCA6390 Use-After-Free Vulnerability
Description
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: qca: Fix BT enable failure again for QCA6390 after warm reboot Commit 272970be3dab ("Bluetooth: hci_qca: Fix driver shutdown on closed serdev") will cause below regression issue: BT can't be enabled after below steps: cold boot -> enable BT -> disable BT -> warm reboot -> BT enable failure if property enable-gpios is not configured within DT|ACPI for QCA6390. The commit is to fix a use-after-free issue within qca_serdev_shutdown() by adding condition to avoid the serdev is flushed or wrote after closed but also introduces this regression issue regarding above steps since the VSC is not sent to reset controller during warm reboot. Fixed by sending the VSC to reset controller within qca_serdev_shutdown() once BT was ever enabled, and the use-after-free issue is also fixed by this change since the serdev is still opened before it is flushed or wrote. Verified by the reported machine Dell XPS 13 9310 laptop over below two kernel commits: commit e00fc2700a3f ("Bluetooth: btusb: Fix triggering coredump implementation for QCA") of bluetooth-next tree. commit b23d98d46d28 ("Bluetooth: btusb: Fix triggering coredump implementation for QCA") of linus mainline tree.
INFO
Published Date :
July 30, 2024, 8:15 a.m.
Last Modified :
Nov. 21, 2024, 9:33 a.m.
Source :
416baaa9-dc9f-4396-8d5f-8c081fb06d67
Remotely Exploitable :
No
Impact Score :
3.6
Exploitability Score :
1.8
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth
information, practical solutions, and valuable tools related to
CVE-2024-42137.
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2024-42137 vulnerability anywhere in the article.
The following table lists the changes that have been made to the
CVE-2024-42137 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
-
CVE Modified by af854a3a-2127-422b-91ae-364da2661108
Nov. 21, 2024
Action Type Old Value New Value Added Reference https://git.kernel.org/stable/c/215a26c2404fa34625c725d446967fa328a703eb Added Reference https://git.kernel.org/stable/c/4ca6013cd18e58ac1044908c40d4006a92093a11 Added Reference https://git.kernel.org/stable/c/88e72239ead9814b886db54fc4ee39ef3c2b8f26 Added Reference https://git.kernel.org/stable/c/977b9dc65e14fb80de4763d949c7dec2ecb15b9b Added Reference https://git.kernel.org/stable/c/e2d8aa4c763593704ac21e7591aed4f13e32f3b5 Added Reference https://git.kernel.org/stable/c/e6e200b264271f62a3fadb51ada9423015ece37b -
Initial Analysis by [email protected]
Sep. 16, 2024
Action Type Old Value New Value Added CVSS V3.1 NIST AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Changed Reference Type https://git.kernel.org/stable/c/215a26c2404fa34625c725d446967fa328a703eb No Types Assigned https://git.kernel.org/stable/c/215a26c2404fa34625c725d446967fa328a703eb Patch Changed Reference Type https://git.kernel.org/stable/c/4ca6013cd18e58ac1044908c40d4006a92093a11 No Types Assigned https://git.kernel.org/stable/c/4ca6013cd18e58ac1044908c40d4006a92093a11 Patch Changed Reference Type https://git.kernel.org/stable/c/88e72239ead9814b886db54fc4ee39ef3c2b8f26 No Types Assigned https://git.kernel.org/stable/c/88e72239ead9814b886db54fc4ee39ef3c2b8f26 Patch Changed Reference Type https://git.kernel.org/stable/c/977b9dc65e14fb80de4763d949c7dec2ecb15b9b No Types Assigned https://git.kernel.org/stable/c/977b9dc65e14fb80de4763d949c7dec2ecb15b9b Patch Changed Reference Type https://git.kernel.org/stable/c/e2d8aa4c763593704ac21e7591aed4f13e32f3b5 No Types Assigned https://git.kernel.org/stable/c/e2d8aa4c763593704ac21e7591aed4f13e32f3b5 Patch Changed Reference Type https://git.kernel.org/stable/c/e6e200b264271f62a3fadb51ada9423015ece37b No Types Assigned https://git.kernel.org/stable/c/e6e200b264271f62a3fadb51ada9423015ece37b Patch Added CWE NIST NVD-CWE-noinfo Added CPE Configuration OR *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.10.165 up to (excluding) 5.10.222 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.15.90 up to (excluding) 5.15.163 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.1.8 up to (excluding) 6.1.98 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.2 up to (excluding) 6.6.39 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.7 up to (excluding) 6.9.9 *cpe:2.3:o:linux:linux_kernel:6.10:rc1:*:*:*:*:*:* *cpe:2.3:o:linux:linux_kernel:6.10:rc2:*:*:*:*:*:* *cpe:2.3:o:linux:linux_kernel:6.10:rc3:*:*:*:*:*:* *cpe:2.3:o:linux:linux_kernel:6.10:rc4:*:*:*:*:*:* *cpe:2.3:o:linux:linux_kernel:6.10:rc5:*:*:*:*:*:* *cpe:2.3:o:linux:linux_kernel:6.10:rc6:*:*:*:*:*:* -
CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Jul. 30, 2024
Action Type Old Value New Value Added Description In the Linux kernel, the following vulnerability has been resolved: Bluetooth: qca: Fix BT enable failure again for QCA6390 after warm reboot Commit 272970be3dab ("Bluetooth: hci_qca: Fix driver shutdown on closed serdev") will cause below regression issue: BT can't be enabled after below steps: cold boot -> enable BT -> disable BT -> warm reboot -> BT enable failure if property enable-gpios is not configured within DT|ACPI for QCA6390. The commit is to fix a use-after-free issue within qca_serdev_shutdown() by adding condition to avoid the serdev is flushed or wrote after closed but also introduces this regression issue regarding above steps since the VSC is not sent to reset controller during warm reboot. Fixed by sending the VSC to reset controller within qca_serdev_shutdown() once BT was ever enabled, and the use-after-free issue is also fixed by this change since the serdev is still opened before it is flushed or wrote. Verified by the reported machine Dell XPS 13 9310 laptop over below two kernel commits: commit e00fc2700a3f ("Bluetooth: btusb: Fix triggering coredump implementation for QCA") of bluetooth-next tree. commit b23d98d46d28 ("Bluetooth: btusb: Fix triggering coredump implementation for QCA") of linus mainline tree. Added Reference kernel.org https://git.kernel.org/stable/c/215a26c2404fa34625c725d446967fa328a703eb [No types assigned] Added Reference kernel.org https://git.kernel.org/stable/c/4ca6013cd18e58ac1044908c40d4006a92093a11 [No types assigned] Added Reference kernel.org https://git.kernel.org/stable/c/e6e200b264271f62a3fadb51ada9423015ece37b [No types assigned] Added Reference kernel.org https://git.kernel.org/stable/c/e2d8aa4c763593704ac21e7591aed4f13e32f3b5 [No types assigned] Added Reference kernel.org https://git.kernel.org/stable/c/977b9dc65e14fb80de4763d949c7dec2ecb15b9b [No types assigned] Added Reference kernel.org https://git.kernel.org/stable/c/88e72239ead9814b886db54fc4ee39ef3c2b8f26 [No types assigned]
CWE - Common Weakness Enumeration
While CVE identifies
specific instances of vulnerabilities, CWE categorizes the common flaws or
weaknesses that can lead to vulnerabilities. CVE-2024-42137 is
associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification
(CAPEC)
stores attack patterns, which are descriptions of the common attributes and
approaches employed by adversaries to exploit the CVE-2024-42137
weaknesses.