CVE-2024-35851
📋 TL;DR
A NULL pointer dereference vulnerability in the Linux kernel's Bluetooth Qualcomm Atheros (qca) driver allows local attackers to cause a kernel panic (system crash) by triggering suspend operations on non-serdev Bluetooth controllers. This affects Linux systems with Qualcomm ROME Bluetooth controllers registered via the Bluetooth line discipline. The vulnerability requires local access to exploit.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to complete system crash and denial of service, requiring physical or remote console access to reboot.
Likely Case
System crash when suspend/resume operations are triggered on affected Bluetooth configurations, causing temporary denial of service.
If Mitigated
No impact if patched or if system doesn't use affected Bluetooth controller configurations.
🎯 Exploit Status
Exploitation requires local access and ability to trigger suspend operations on affected Bluetooth configuration. No authentication bypass needed beyond local access.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Fixed in kernel commits: 52f9041deaca3fc5c40ef3b9cb943993ec7d2489, 6b47cdeb786c38e4174319218db3fa6d7b4bba88, 73e87c0a49fda31d7b589edccf4c72e924411371, b64092d2f108f0cd1d7fd7e176f5fb2a67a2f189, e60502b907be350c518819297b565007a94c706d
Vendor Advisory: https://git.kernel.org/stable/c/52f9041deaca3fc5c40ef3b9cb943993ec7d2489
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing the fix commits.
2. Check your distribution's security advisories for backported patches.
3. Reboot system after kernel update.
🔧 Temporary Workarounds
Disable affected Bluetooth configuration
Prevent Qualcomm ROME controllers from being registered via the Bluetooth line discipline
# Check if using affected configuration
dmesg | grep -i 'qca'
# Consider disabling Bluetooth if not needed
systemctl disable bluetooth
systemctl stop bluetooth
🧯 If You Can't Patch
- Restrict local access to prevent malicious users from triggering suspend operations
- Monitor system logs for kernel panic events related to Bluetooth suspend operations
🔍 How to Verify
Check if Vulnerable:
Check kernel version and if using Qualcomm ROME Bluetooth: uname -r and dmesg | grep -i 'qca'
Check Version:
uname -r
Verify Fix Applied:
Verify kernel version includes fix commits or check with distribution's security update verification tools
📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages in /var/log/kern.log or dmesg
- Bluetooth suspend/resume failure logs
- NULL pointer dereference errors mentioning qca or Bluetooth
Network Indicators:
- None - this is a local kernel vulnerability
SIEM Query:
source="kernel" AND ("NULL pointer" OR "kernel panic" OR "qca")
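The log indicators above, as an added example that is not part of the original advisory: a Python check that reports only NULL-pointer oops blocks whose own lines reference the qca driver, instead of matching any line that contains "qca" as the OR in the SIEM query does. The sample log lines, the `example_drv` module and the 60-line block cap are constructed assumptions.

```python
import re

# Oops headers: x86 prints "BUG: kernel NULL pointer dereference",
# arm64 prints "Unable to handle kernel NULL pointer dereference".
OOPS_START = re.compile(r"NULL pointer dereference", re.I)
OOPS_END = re.compile(r"---\[ end trace|Kernel panic - not syncing")
# A qca_* symbol, or a frame annotated with the hci_uart module.
QCA_HINT = re.compile(r"\bqca_\w+|\[hci_uart\]", re.I)
MAX_BLOCK = 60  # assumed upper bound on lines in one oops report

# Constructed sample, not captured from an affected system.
SAMPLE = """\
[   12.101] Bluetooth: hci0: QCA setup on UART is completed
[  340.552] BUG: kernel NULL pointer dereference, address: 0000000000000010
[  340.553] RIP: 0010:example_drv_read+0x2a/0x90 [example_drv]
[  340.554] Modules linked in: example_drv hci_uart btqca bluetooth
[  340.555] ---[ end trace 0000000000000000 ]---
[  911.004] PM: suspend entry (deep)
[  911.310] BUG: kernel NULL pointer dereference, address: 0000000000000000
[  911.311] RIP: 0010:qca_wakeup+0x1c/0x60 [hci_uart]
[  911.312] ---[ end trace 0000000000000000 ]---
""".splitlines()


def find_qca_null_derefs(lines):
    """Return one finding per NULL-deref oops that references the qca driver."""
    findings, i = [], 0
    while i < len(lines):
        if not OOPS_START.search(lines[i]):
            i += 1
            continue
        end = min(i + MAX_BLOCK, len(lines))
        for j in range(i + 1, end):
            if OOPS_END.search(lines[j]) or OOPS_START.search(lines[j]):
                end = j + 1 if OOPS_END.search(lines[j]) else j
                break
        # "Modules linked in" lists every loaded module, so it proves nothing.
        hits = [l.strip() for l in lines[i:end]
                if QCA_HINT.search(l) and "Modules linked in" not in l]
        if hits:
            findings.append({"line": i + 1, "header": lines[i].strip(),
                             "evidence": hits})
        i = end
    return findings


if __name__ == "__main__":
    for f in find_qca_null_derefs(SAMPLE):
        print(f["line"], f["header"], f["evidence"])
```

On the constructed sample, the benign QCA setup message and the unrelated oops in `example_drv` are ignored, and only the oops following the suspend entry is reported.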
🔗 References
- https://git.kernel.org/stable/c/52f9041deaca3fc5c40ef3b9cb943993ec7d2489
- https://git.kernel.org/stable/c/6b47cdeb786c38e4174319218db3fa6d7b4bba88
- https://git.kernel.org/stable/c/73e87c0a49fda31d7b589edccf4c72e924411371
- https://git.kernel.org/stable/c/b64092d2f108f0cd1d7fd7e176f5fb2a67a2f189
- https://git.kernel.org/stable/c/e60502b907be350c518819297b565007a94c706d