代码拉取完成,页面将自动刷新
一、漏洞信息
漏洞编号:CVE-2024-42137
漏洞归属组件:kernel
漏洞归属的版本:4.19.140,4.19.194,4.19.90,5.10.0,6.1.0,6.1.14,6.1.19,6.1.5,6.1.6,6.1.8,6.4.0,6.6.0
CVSS V3.0分值:
BaseScore:5.5 Medium
Vector:CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
漏洞简述:
In the Linux kernel, the following vulnerability has been resolved:Bluetooth: qca: Fix BT enable failure again for QCA6390 after warm rebootCommit 272970be3dab ( Bluetooth: hci_qca: Fix driver shutdown on closedserdev ) will cause below regression issue:BT can t be enabled after below steps:cold boot -> enable BT -> disable BT -> warm reboot -> BT enable failureif property enable-gpios is not configured within DT|ACPI for QCA6390.The commit is to fix a use-after-free issue within qca_serdev_shutdown()by adding condition to avoid the serdev is flushed or wrote after closedbut also introduces this regression issue regarding above steps since theVSC is not sent to reset controller during warm reboot.Fixed by sending the VSC to reset controller within qca_serdev_shutdown()once BT was ever enabled, and the use-after-free issue is also fixed bythis change since the serdev is still opened before it is flushed or wrote.Verified by the reported machine Dell XPS 13 9310 laptop over below twokernel commits:commit e00fc2700a3f ( Bluetooth: btusb: Fix triggering coredumpimplementation for QCA ) of bluetooth-next tree.commit b23d98d46d28 ( Bluetooth: btusb: Fix triggering coredumpimplementation for QCA ) of linus mainline tree.
漏洞公开时间:2024-07-30 16:15:05
漏洞创建时间:2024-07-31 02:34:01
漏洞详情参考链接:
https://nvd.nist.gov/vuln/detail/CVE-2024-42137
漏洞分析指导链接:
https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md
漏洞数据来源:
其它
漏洞补丁信息:
二、漏洞分析结构反馈
影响性分析说明:
In the Linux kernel, the following vulnerability has been resolved:Bluetooth: qca: Fix BT enable failure again for QCA6390 after warm rebootCommit 272970be3dab ( Bluetooth: hci_qca: Fix driver shutdown on closedserdev ) will cause below regression issue:BT can t be enabled after below steps:cold boot -> enable BT -> disable BT -> warm reboot -> BT enable failureif property enable-gpios is not configured within DT|ACPI for QCA6390.The commit is to fix a use-after-free issue within qca_serdev_shutdown()by adding condition to avoid the serdev is flushed or wrote after closedbut also introduces this regression issue regarding above steps since theVSC is not sent to reset controller during warm reboot.Fixed by sending the VSC to reset controller within qca_serdev_shutdown()once BT was ever enabled, and the use-after-free issue is also fixed bythis change since the serdev is still opened before it is flushed or wrote.Verified by the reported machine Dell XPS 13 9310 laptop over below twokernel commits:commit e00fc2700a3f ( Bluetooth: btusb: Fix triggering coredumpimplementation for QCA ) of bluetooth-next tree.commit b23d98d46d28 ( Bluetooth: btusb: Fix triggering coredumpimplementation for QCA ) of linus mainline tree.
openEuler评分:
5.5
Vector:CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
受影响版本排查(受影响/不受影响):
1.openEuler-22.03-LTS-SP3(5.10.0):受影响
2.openEuler-22.03-LTS-SP4(5.10.0):受影响
3.openEuler-24.03-LTS(6.6.0):受影响
4.openEuler-20.03-LTS-SP4(4.19.90):不受影响
5.master:不受影响
6.openEuler-24.03-LTS-Next(6.6.0):不受影响
7.openEuler-24.03-LTS-SP1(6.6.0):不受影响
修复是否涉及abi变化(是/否):
1.openEuler-20.03-LTS-SP4(4.19.90):否
2.openEuler-22.03-LTS-SP1(5.10.0):否
3.openEuler-22.03-LTS-SP3(5.10.0):否
4.master:否
5.openEuler-24.03-LTS(6.6.0):否
6.openEuler-24.03-LTS-Next(6.6.0):否
7.openEuler-22.03-LTS-SP4(5.10.0):否
8.openEuler-24.03-LTS-SP1(6.6.0):否
原因说明:
1.openEuler-24.03-LTS(6.6.0):正常修复
2.openEuler-22.03-LTS-SP3(5.10.0):不修复-超出修复范围
3.openEuler-22.03-LTS-SP4(5.10.0):不修复-超出修复范围
4.master:不受影响-漏洞代码不能被攻击者触发
5.openEuler-24.03-LTS-Next(6.6.0):不受影响-漏洞代码不能被攻击者触发
6.openEuler-20.03-LTS-SP4(4.19.90):不受影响-漏洞代码不存在
7.openEuler-24.03-LTS-SP1(6.6.0):不受影响-漏洞代码不存在
三、漏洞修复
安全公告链接:https://www.openeuler.org/zh/security/safety-bulletin/detail/?id=openEuler-SA-2025-1078
FileDragTip