CVE-2024-57987

5.5 MEDIUM

📋 TL;DR

A NULL pointer dereference vulnerability in the Linux kernel's Bluetooth subsystem allows kernel crashes when unsupported USB Bluetooth dongles are inserted. This affects Linux systems using the btrtl driver for Realtek Bluetooth chips. Attackers with physical access could cause denial of service by inserting malicious USB devices.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Specific affected versions not specified in CVE, but fix commits indicate stable kernel branches are affected
Operating Systems: Linux distributions using vulnerable kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems using the btrtl driver for Realtek Bluetooth chips. Requires physical USB insertion.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel panic leading to system crash and denial of service, requiring physical reboot.

🟠

Likely Case

System crash when unsupported Bluetooth dongle is inserted, requiring reboot to restore functionality.

🟢

If Mitigated

Minor disruption if system automatically recovers from kernel panic, but still requires physical intervention.

🌐 Internet-Facing: LOW - Requires physical USB device insertion, not remotely exploitable.
🏢 Internal Only: MEDIUM - Physical access to insert USB device could cause denial of service on affected systems.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires physical access to insert USB device. No authentication required once physical access is obtained.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions containing commits 02f9da874e5e, 1158ad8e8abb, or 3c15082f3567

Vendor Advisory: https://git.kernel.org/stable/c/02f9da874e5e4626f81772eacc18967921998a71

Restart Required: Yes

Instructions:

1. Update Linux kernel to version containing the fix commits.
2. Reboot system to load new kernel.
3. Verify kernel version after reboot.

🔧 Temporary Workarounds

Disable Bluetooth module loading

linux

Prevent btrtl module from loading to avoid vulnerability

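# 'blacklist' only stops alias-based autoloading; btrtl is pulled in as a dependency of btusb,
# so an 'install' override is also needed (this prevents btusb, and so USB Bluetooth, from loading)
printf 'blacklist btrtl\ninstall btrtl /bin/false\n' > /etc/modprobe.d/blacklist-btrtl.conf
rmmod btusb btrtl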

Restrict USB device access

linux

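Use udev rules to block unauthorized USB Bluetooth devices. The rule below deauthorizes every USB device with the Realtek vendor ID 0bda, not only Bluetooth dongles, so other Realtek USB hardware on the system will stop working as well.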

echo 'SUBSYSTEM=="usb", ATTR{idVendor}=="0bda", ATTR{idProduct}=="*", ATTR{authorized}="0"' > /etc/udev/rules.d/99-block-realtek-bluetooth.rules
udevadm control --reload-rules

🧯 If You Can't Patch

  • Implement strict physical security controls to prevent unauthorized USB device insertion
  • Disable Bluetooth functionality entirely if not required for system operation

🔍 How to Verify

Check if Vulnerable:

Check if btrtl module is loaded: lsmod | grep btrtl

Check Version:

uname -r

Verify Fix Applied:

Check that the running kernel contains the fix: run uname -r and verify the result against patched versions

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic messages in /var/log/kern.log or dmesg
  • NULL pointer dereference errors mentioning btrtl_setup_realtek

Network Indicators:

  • Sudden loss of Bluetooth connectivity

SIEM Query:

source="kern.log" AND "NULL pointer dereference" AND "btrtl"
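
The two log indicators above land on different lines of a kernel oops, so a match that requires both on one line (as the query does when kern.log is ingested one line per event) finds nothing. The Python below is an added example, not part of the original advisory, that correlates them within a single oops; the sample log lines, symbol offsets and the `WINDOW` value are constructed assumptions.

```python
import re

# Constructed sample kern.log lines (not captured from a real system).
SAMPLE_LOG = """\
Jan 10 09:14:02 host kernel: usb 1-2: new full-speed USB device number 5 using xhci_hcd
Jan 10 09:14:02 host kernel: BUG: kernel NULL pointer dereference, address: 0000000000000000
Jan 10 09:14:02 host kernel: Workqueue: hci0 hci_power_on [bluetooth]
Jan 10 09:14:02 host kernel: RIP: 0010:btrtl_setup_realtek+0x11/0x200 [btrtl]
Jan 10 09:14:02 host kernel: ---[ end trace 0000000000000000 ]---
Jan 10 11:30:45 host kernel: BUG: kernel NULL pointer dereference, address: 0000000000000010
Jan 10 11:30:45 host kernel: RIP: 0010:example_other_driver+0x2a/0x90 [example]
Jan 10 11:30:45 host kernel: ---[ end trace 0000000000000000 ]---
Jan 10 12:00:00 host kernel: btrtl: constructed benign line outside any oops
"""

OOPS_START = re.compile(r"BUG: kernel NULL pointer dereference")
OOPS_END = re.compile(r"---\[ end trace")
BTRTL_FRAME = re.compile(r"\bbtrtl_setup_realtek\b|\[btrtl\]")
WINDOW = 60  # assumed cap on lines scanned when the end-of-trace marker is missing


def find_btrtl_oopses(lines):
    """Return (oops_start_line_no, matching_frame) for each NULL-deref oops naming btrtl."""
    hits, start = [], None
    for no, line in enumerate(lines, 1):
        if OOPS_START.search(line):
            start = no                      # a new oops begins here
        elif start is None:
            continue                        # not inside an oops
        elif OOPS_END.search(line) or no - start > WINDOW:
            start = None                    # oops ended without a btrtl frame
        elif BTRTL_FRAME.search(line):
            hits.append((start, line.split("kernel: ", 1)[-1].strip()))
            start = None                    # report each oops once
    return hits


def single_line_matches(lines):
    """What a per-line AND of the two indicators finds, for comparison."""
    return [l for l in lines if OOPS_START.search(l) and "btrtl" in l]


if __name__ == "__main__":
    for no, frame in find_btrtl_oopses(SAMPLE_LOG.splitlines()):
        print(f"line {no}: NULL dereference in btrtl path: {frame}")
```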
