
CVE-2024-35851: Vulnerability in Linux Linux

Medium
Published: Fri May 17 2024 (05/17/2024, 14:47:28 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: qca: fix NULL-deref on non-serdev suspend

Qualcomm ROME controllers can be registered from the Bluetooth line discipline and in this case the HCI UART serdev pointer is NULL.

Add the missing sanity check to prevent a NULL-pointer dereference when wakeup() is called for a non-serdev controller during suspend.

Just return true for now to restore the original behaviour and address the crash with pre-6.2 kernels, which do not have commit e9b3e5b8c657 ("Bluetooth: hci_qca: only assign wakeup with serial port support") that causes the crash to happen already at setup() time.

AI-Powered Analysis

Last updated: 06/29/2025, 16:40:35 UTC

Technical Analysis

CVE-2024-35851 is a vulnerability in the Linux kernel's Bluetooth subsystem, specifically affecting Qualcomm ROME Bluetooth controllers. The issue arises from a missing sanity check that leads to a NULL-pointer dereference during the suspend operation of certain Bluetooth devices. Qualcomm ROME controllers can be registered via the Bluetooth line discipline, and in that case the HCI UART serdev pointer is NULL. When the wakeup() function is called on a non-serdev controller during system suspend, the absence of a NULL-pointer check causes the kernel to dereference a NULL pointer, resulting in a crash. The crash at suspend time applies to kernels prior to 6.2, which do not include commit e9b3e5b8c657 ("Bluetooth: hci_qca: only assign wakeup with serial port support"); per the description, that commit causes the crash to happen already at setup() time. The patch for this vulnerability restores the original behavior by returning true early in the wakeup() function when the controller has no serdev, which prevents the crash. Although this vulnerability causes a denial of service (DoS) condition through kernel crashes, it does not appear to allow privilege escalation or remote code execution. No known exploits are currently reported in the wild. The vulnerability is rooted in kernel-level Bluetooth driver code, which is critical for device connectivity and system stability.
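The missing check described above, reduced to a userspace C model of the two registration paths. This is an added example, not the kernel patch or driver code; every type and function name in it (`model_hci_uart`, `wakeup_checked`, `suspend_pass`, and so on) is a hypothetical stand-in.

```c
/* Userspace model; every type and function name here is a hypothetical
 * stand-in, not a kernel definition. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

struct model_serdev { bool may_wakeup; };   /* serial-bus side device */

struct model_hci_uart {
    struct model_serdev *serdev; /* NULL when registered via the line discipline */
};

/* Pre-fix shape: reads through serdev unconditionally. For a line-discipline
 * controller this dereferences NULL, which in the kernel is an oops. */
bool wakeup_unchecked(const struct model_hci_uart *hu)
{
    return hu->serdev->may_wakeup;
}

/* Post-fix shape: a non-serdev controller returns true before the
 * pointer is ever touched. */
bool wakeup_checked(const struct model_hci_uart *hu)
{
    if (!hu->serdev)
        return true;
    return hu->serdev->may_wakeup;
}

/* Model of a suspend pass: query each controller's wakeup callback and
 * count how many report true. */
int suspend_pass(const struct model_hci_uart *ctrls, size_t n,
                 bool (*wakeup)(const struct model_hci_uart *))
{
    int wake_capable = 0;
    for (size_t i = 0; i < n; i++)
        if (wakeup(&ctrls[i]))
            wake_capable++;
    return wake_capable;
}

/* Constructed sample: two serdev controllers and one line-discipline one. */
int run_model(void)
{
    struct model_serdev on = { true }, off = { false };
    struct model_hci_uart ctrls[] = { { &on }, { &off }, { NULL } };
    return suspend_pass(ctrls, 3, wakeup_checked);
}

int main(void) { printf("wakeup=true: %d\n", run_model()); return 0; }
```

Passing `wakeup_unchecked` to `suspend_pass` with the same array faults on the third entry, which is the suspend-time crash in miniature.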

Potential Impact

For European organizations, this vulnerability primarily poses a risk of system instability and denial of service on Linux-based systems utilizing affected Qualcomm ROME Bluetooth controllers. Organizations relying on Linux servers, workstations, or embedded devices with Bluetooth capabilities may experience unexpected kernel crashes during suspend operations, potentially leading to service interruptions or loss of availability. This could affect sectors where Linux is widely deployed, including telecommunications, manufacturing, and critical infrastructure. Although the vulnerability does not currently enable remote code execution or data compromise, repeated crashes could disrupt business operations and impact user productivity. Additionally, environments with strict uptime requirements or those using Bluetooth for critical communications may face operational challenges. The lack of known exploits reduces immediate risk, but unpatched systems remain vulnerable to accidental or targeted triggering of the crash condition.

Mitigation Recommendations

To mitigate this vulnerability, European organizations should prioritize updating their Linux kernel to version 6.2 or later, which includes the fix for this issue. For systems where immediate kernel upgrades are not feasible, applying backported patches from trusted Linux distribution vendors is recommended. Organizations should audit their Linux systems to identify the presence of Qualcomm ROME Bluetooth controllers and assess whether the affected Bluetooth line discipline is in use. Disabling Bluetooth functionality temporarily on critical systems where it is not required can reduce exposure. Additionally, monitoring system logs for kernel crashes related to Bluetooth suspend operations can help detect attempts to trigger this vulnerability. For embedded or specialized devices, coordination with hardware vendors to obtain firmware or driver updates is essential. Implementing robust system backup and recovery procedures will also help minimize operational impact in case of crashes.


Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2024-05-17T13:50:33.105Z
CISA Enriched: true
CVSS Version: null
State: PUBLISHED

Threat ID: 682d982ac4522896dcbe3649

Added to database: 5/21/2025, 9:08:58 AM

Last enriched: 6/29/2025, 4:40:35 PM

Last updated: 7/31/2025, 6:18:41 AM
