CVE-2024-27000: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:

serial: mxs-auart: add spinlock around changing cts state

The uart_handle_cts_change() function in serial_core expects the caller to hold uport->lock. For example, I have seen the below kernel splat, when the Bluetooth driver is loaded on an i.MX28 board.

[ 85.119255] ------------[ cut here ]------------
[ 85.124413] WARNING: CPU: 0 PID: 27 at /drivers/tty/serial/serial_core.c:3453 uart_handle_cts_change+0xb4/0xec
[ 85.134694] Modules linked in: hci_uart bluetooth ecdh_generic ecc wlcore_sdio configfs
[ 85.143314] CPU: 0 PID: 27 Comm: kworker/u3:0 Not tainted 6.6.3-00021-gd62a2f068f92 #1
[ 85.151396] Hardware name: Freescale MXS (Device Tree)
[ 85.156679] Workqueue: hci0 hci_power_on [bluetooth]
(...)
[ 85.191765] uart_handle_cts_change from mxs_auart_irq_handle+0x380/0x3f4
[ 85.198787] mxs_auart_irq_handle from __handle_irq_event_percpu+0x88/0x210
(...)
AI Analysis
Technical Summary
CVE-2024-27000 is a vulnerability identified in the Linux kernel, specifically within the serial driver subsystem for the mxs-auart UART controller. The issue arises because the function uart_handle_cts_change() in serial_core.c expects the caller to hold the uport->lock spinlock when changing the Clear To Send (CTS) state. Failure to properly acquire this lock can lead to race conditions and kernel warnings or crashes, as evidenced by kernel splats observed when the Bluetooth driver is loaded on i.MX28 hardware platforms. The vulnerability is rooted in improper synchronization around the CTS state change, which can cause concurrency issues in interrupt handling routines such as mxs_auart_irq_handle(). This can lead to kernel instability or denial of service (DoS) conditions due to unexpected kernel panics or warnings. The vulnerability affects Linux kernel versions identified by the commit hash 4d90bb147ef6b91f529a21b498ff2b5fdc6785b4, which suggests a specific patch or kernel snapshot. No known exploits are currently reported in the wild, and no CVSS score has been assigned yet. The fix involves adding a spinlock around the CTS state change to ensure proper synchronization and prevent race conditions during UART interrupt handling.
Potential Impact
For European organizations, this vulnerability primarily poses a risk to embedded systems and devices running affected Linux kernel versions with the mxs-auart UART driver, such as industrial control systems, IoT devices, and specialized hardware platforms using Freescale/NXP i.MX processors. The impact includes potential denial of service due to kernel crashes or instability, which could disrupt critical operations in manufacturing, telecommunications, or transportation sectors relying on such embedded Linux systems. While the vulnerability does not directly lead to privilege escalation or remote code execution, the resulting system instability could cause operational downtime and impact availability. Organizations using Linux-based Bluetooth stacks on affected hardware may also experience service interruptions. Given the specialized nature of the affected driver and hardware, the threat is more relevant to sectors using embedded Linux rather than general-purpose desktop or server Linux distributions.
Mitigation Recommendations
European organizations should first identify if their systems run affected Linux kernel versions with the mxs-auart UART driver, particularly on Freescale/NXP i.MX28 or similar platforms. Mitigation steps include:

1) Apply the official Linux kernel patch that adds the required spinlock around CTS state changes as soon as it is available from trusted sources or kernel maintainers.
2) For embedded devices, coordinate with hardware vendors or system integrators to update firmware or kernel versions incorporating the fix.
3) Implement rigorous testing of updated kernels in staging environments to ensure stability before deployment.
4) Monitor kernel logs for warnings related to uart_handle_cts_change or related serial driver errors as early indicators of the issue.
5) Where patching is delayed, consider isolating affected devices from critical networks to reduce the impact of a potential DoS.
6) Maintain up-to-date inventories of embedded Linux devices and their kernel versions to facilitate rapid response to such vulnerabilities.
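Step 4 above can be automated over collected kernel logs. The following Python parser is an added example, not part of the original advisory or the kernel sources: it finds WARNING splats raised in uart_handle_cts_change and reports the immediate caller, kernel release and hardware name. The name find_splats and the first and last sample lines are constructed for illustration, and the "X from Y+0x..." frame format is assumed to match the splat quoted in the description.

```python
import re

# Splat lines as quoted in the advisory. The first and last lines are
# constructed for this example to show that unrelated messages are skipped.
SAMPLE_LOG = """\
[ 84.902113] Bluetooth: HCI UART driver ver 2.3
[ 85.119255] ------------[ cut here ]------------
[ 85.124413] WARNING: CPU: 0 PID: 27 at /drivers/tty/serial/serial_core.c:3453 uart_handle_cts_change+0xb4/0xec
[ 85.134694] Modules linked in: hci_uart bluetooth ecdh_generic ecc wlcore_sdio configfs
[ 85.143314] CPU: 0 PID: 27 Comm: kworker/u3:0 Not tainted 6.6.3-00021-gd62a2f068f92 #1
[ 85.151396] Hardware name: Freescale MXS (Device Tree)
[ 85.156679] Workqueue: hci0 hci_power_on [bluetooth]
[ 85.191765] uart_handle_cts_change from mxs_auart_irq_handle+0x380/0x3f4
[ 85.198787] mxs_auart_irq_handle from __handle_irq_event_percpu+0x88/0x210
[ 86.000000] usb 1-1: new full-speed USB device number 2 using ci_hdrc
"""

STAMP = re.compile(r"^\[\s*(\d+\.\d+)\]\s?(.*)$")
WARN = re.compile(r"WARNING: CPU: \d+ PID: \d+ at (\S+:\d+) (\w+)\+0x")
FRAME = re.compile(r"^\s*(\w+) from (\w+)\+0x")  # frame format as in the splat
RELEASE = re.compile(r"Comm: .*\s(\S+) #\d+")
HARDWARE = re.compile(r"Hardware name: (.+)")

def find_splats(log_text, func="uart_handle_cts_change"):
    """Return one dict per WARNING splat raised inside `func`."""
    findings, cur = [], None
    for line in log_text.splitlines():
        m = STAMP.match(line)
        if not m:
            continue
        ts, msg = float(m.group(1)), m.group(2)
        if "[ cut here ]" in msg:            # a new splat begins
            cur = {"time": ts, "site": None, "caller": None,
                   "release": None, "hardware": None}
        elif cur is None or "end trace" in msg:
            cur = None                       # outside a splat, or splat finished
        elif (w := WARN.search(msg)):
            if w.group(2) == func:
                cur["site"] = w.group(1)
                findings.append(cur)         # recorded even if the trace is cut short
            else:
                cur = None                   # a different warning: skip its body
        elif (r := RELEASE.search(msg)):
            cur["release"] = r.group(1)
        elif (h := HARDWARE.search(msg)):
            cur["hardware"] = h.group(1)
        elif (f := FRAME.match(msg)) and f.group(1) == func:
            cur["caller"] = f.group(2)       # immediate caller of func
    return findings
```

Calling find_splats(SAMPLE_LOG) returns a single finding whose caller is mxs_auart_irq_handle; feeding it the output of a log collector in place of SAMPLE_LOG gives one record per occurrence.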
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Poland, Italy
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2024-02-19T14:20:24.207Z
- Cisa Enriched: true
- Cvss Version: null
- State: PUBLISHED
Threat ID: 682d9829c4522896dcbe3072
Added to database: 5/21/2025, 9:08:57 AM
Last enriched: 6/29/2025, 2:11:27 PM
Last updated: 7/31/2025, 12:14:18 PM