PT-2024-7828 · Linux+5 · Linux Kernel+5

Emil Kronborg · Published 2024-04-09 · Updated 2026-02-21 · CVE-2024-27000

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 6.6.37

Description

The vulnerability is in the serial component of the Linux kernel, specifically the uart_handle_cts_change() function in serial core, which expects the caller to hold uport->lock. The issue arises when the Bluetooth driver is loaded on an i.MX28 board, leading to a kernel splat. The vulnerability can cause a denial of service.

Recommendations

To resolve the issue, update the Linux kernel to version 6.6.37 or later. As a temporary workaround, consider disabling the Bluetooth driver until a patch is available. Restrict access to the vulnerable mxs-auart module to minimize the risk of exploitation. Avoid using the uart_handle_cts_change() function in the affected API endpoint until the issue is resolved.

Exploit

Fix

Improper Locking

Weakness Enumeration

Related Identifiers

AZL-40454
BDU:2024-09328
CVE-2024-27000
DLA-3842-1
DSA-5680-1
DSA-5681-1
MGASA-2024-0263
MGASA-2024-0266
OESA-2024-1677
OESA-2024-1678
OESA-2024-1679
OESA-2024-1680
OESA-2024-1681
OESA-2024-1682
SUSE-SU-2024:2008-1
SUSE-SU-2024:2019-1
SUSE-SU-2024:2135-1
SUSE-SU-2024:2190-1
SUSE-SU-2024:2203-1
SUSE-SU-2024:2973-1
SUSE-SU-2025:20008-1
SUSE-SU-2025:20028-1
SUSE-SU-2025:20166-1
SUSE-SU-2025:20249-1
USN-6893-1
USN-6893-2
USN-6893-3
USN-6896-1
USN-6896-2
USN-6896-3
USN-6896-4
USN-6896-5
USN-6898-1
USN-6898-2
USN-6898-3
USN-6898-4
USN-6917-1
USN-6918-1
USN-6919-1
USN-6927-1
USN-7019-1

Affected Products

Astra Linux
Linux Mint
Linux Kernel
RED OS
SUSE
Ubuntu