Linux · Linux Kernel · CVE-2024-27000
**Name of the Vulnerable Software and Affected Versions**
Linux kernel versions prior to 6.6.37
**Description**
The vulnerability is related to the serial component of the Linux kernel, specifically with the `uart_handle_cts_change()` function in `serial_core`, which expects the caller to hold `uport->lock`. The issue arises when the Bluetooth driver is loaded on an i.MX28 board, leading to a kernel splat. The vulnerability can cause a denial of service.
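The locking contract described above, modelled in userspace as an added example (not kernel code and not the upstream fix): a callee that requires its caller to hold the port lock, called once without the lock and once with it. All `model_*` names are hypothetical, and the `lock_held` flag is a single-threaded stand-in for the kernel's own check that `uport->lock` is held.

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stdio.h>

/* Userspace model only: every name here is hypothetical, none is a kernel API. */
struct model_port {
    atomic_flag lock;        /* stands in for uport->lock */
    bool lock_held;          /* lets the callee check its contract (single-threaded model) */
    bool cts;                /* last recorded CTS state */
    unsigned int cts_events; /* number of recorded CTS transitions */
};

static void model_port_init(struct model_port *p)
{
    atomic_flag_clear(&p->lock);
    p->lock_held = false;
    p->cts = false;
    p->cts_events = 0;
}

static void model_lock(struct model_port *p)
{
    while (atomic_flag_test_and_set(&p->lock))
        ;                    /* spin until the lock is free */
    p->lock_held = true;
}

static void model_unlock(struct model_port *p)
{
    p->lock_held = false;
    atomic_flag_clear(&p->lock);
}

/* Callee with a locking contract: refuses (-1) when the caller holds no lock. */
static int model_handle_cts_change(struct model_port *p, bool active)
{
    if (!p->lock_held)
        return -1;           /* the model's equivalent of the kernel splat */
    if (p->cts != active) {
        p->cts = active;
        p->cts_events++;
    }
    return 0;
}

/* Caller that violates the contract: touches CTS state with no lock held. */
static int model_modem_status_unlocked(struct model_port *p, bool cts)
{
    return model_handle_cts_change(p, cts);
}

/* Caller that honours the contract: lock, update, unlock. */
static int model_modem_status_locked(struct model_port *p, bool cts)
{
    int ret;

    model_lock(p);
    ret = model_handle_cts_change(p, cts);
    model_unlock(p);
    return ret;
}

int main(void)
{
    struct model_port p;
    int ret;

    model_port_init(&p);
    ret = model_modem_status_unlocked(&p, true);
    printf("unlocked caller: ret=%d events=%u\n", ret, p.cts_events);
    ret = model_modem_status_locked(&p, true);
    printf("locked caller:   ret=%d events=%u\n", ret, p.cts_events);
    return 0;
}
```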
**Recommendations**
To resolve the issue, update the Linux kernel to version 6.6.37 or later. As a temporary workaround, consider disabling the Bluetooth driver until a patch is available. Restrict access to the vulnerable `mxs-auart` module to minimize the risk of exploitation. Avoid using the `uart_handle_cts_change()` function in the affected API endpoint until the issue is resolved.