CVE-2024-42137: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: qca: Fix BT enable failure again for QCA6390 after warm reboot
Commit 272970be3dab ("Bluetooth: hci_qca: Fix driver shutdown on closed serdev") will cause below regression issue:
BT can't be enabled after below steps: cold boot -> enable BT -> disable BT -> warm reboot -> BT enable failure if property enable-gpios is not configured within DT|ACPI for QCA6390.
The commit is to fix a use-after-free issue within qca_serdev_shutdown() by adding condition to avoid the serdev is flushed or wrote after closed but also introduces this regression issue regarding above steps since the VSC is not sent to reset controller during warm reboot.
Fixed by sending the VSC to reset controller within qca_serdev_shutdown() once BT was ever enabled, and the use-after-free issue is also fixed by this change since the serdev is still opened before it is flushed or wrote.
Verified by the reported machine Dell XPS 13 9310 laptop over below two kernel commits:
commit e00fc2700a3f ("Bluetooth: btusb: Fix triggering coredump implementation for QCA") of bluetooth-next tree.
commit b23d98d46d28 ("Bluetooth: btusb: Fix triggering coredump implementation for QCA") of linus mainline tree.
AI Analysis
Technical Summary
CVE-2024-42137 addresses a vulnerability in the Linux kernel's Bluetooth subsystem specifically related to Qualcomm Atheros QCA6390 chipsets. The issue originated from a regression caused by a kernel commit (272970be3dab) intended to fix a use-after-free bug in the qca_serdev_shutdown() function. That fix introduced a new problem: Bluetooth (BT) could not be re-enabled after the sequence cold boot, enable BT, disable BT, warm reboot. The root cause was that the vendor-specific command (VSC) that resets the controller was not sent during warm reboot, which leads to BT enable failure when the device tree (DT) or ACPI configuration lacks the enable-gpios property for QCA6390. This omission left the Bluetooth controller in an unreset state. The regression was verified on a Dell XPS 13 9310 laptop. The final fix modifies qca_serdev_shutdown() to send the VSC reset command if Bluetooth had ever been enabled, so the controller resets properly on warm reboot. The same change also fixes the use-after-free condition, because the serdev is still open when it is flushed or written. This vulnerability is specific to Linux kernel versions containing the faulty commits and affects systems using the QCA6390 Bluetooth chipset without proper DT/ACPI configuration. No known exploits are reported in the wild as of publication.
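The trade-off between the three versions of qca_serdev_shutdown() described above, as an added example that is neither kernel code nor part of the original page. It is a user-space C model: the guard conditions, the type and function names, and the two sample states are assumptions built from the advisory text.

```c
#include <stdbool.h>
#include <stdio.h>
/* User-space model of the shutdown decision described in the advisory.
 * Not kernel code; every name here is hypothetical. */
enum policy { ORIGINAL, COMMIT_272970BE3DAB, FIXED };
enum result { OK, WRITE_AFTER_CLOSE, ENABLE_FAILS };

struct bt_state {
    bool serdev_open;     /* serdev still open when shutdown runs */
    bool bt_running;      /* BT is enabled right now */
    bool bt_ever_enabled; /* BT was enabled at least once since cold boot */
    bool enable_gpios;    /* DT/ACPI configures enable-gpios */
};

/* Does the shutdown path flush/write the reset VSC under this policy? */
static bool sends_vsc(enum policy p, const struct bt_state *s)
{
    switch (p) {
    case ORIGINAL:            return true;              /* no guard at all */
    case COMMIT_272970BE3DAB: return s->bt_running;     /* assumed guard */
    case FIXED:               return s->bt_ever_enabled;
    }
    return false;
}

/* Outcome of shutdown, warm reboot, then an attempt to enable BT. */
enum result warm_reboot(enum policy p, struct bt_state s)
{
    bool vsc = sends_vsc(p, &s);
    if (vsc && !s.serdev_open)
        return WRITE_AFTER_CLOSE; /* the use-after-free condition */
    /* Advisory: enable fails when no reset was sent and enable-gpios is absent. */
    if (s.bt_ever_enabled && !vsc && !s.enable_gpios)
        return ENABLE_FAILS;
    return OK;
}

/* Constructed states: the advisory's sequence, and an already-closed serdev. */
const struct bt_state AFTER_DISABLE = { true, false, true, false };
const struct bt_state CLOSED_SERDEV = { false, false, false, false };

int main(void)
{
    static const char *name[] = { "ok", "write-after-close", "enable-fails" };
    for (int p = ORIGINAL; p <= FIXED; p++)
        printf("policy %d: after-disable=%s closed-serdev=%s\n", p,
               name[warm_reboot(p, AFTER_DISABLE)], name[warm_reboot(p, CLOSED_SERDEV)]);
    return 0;
}
```

Only the FIXED policy returns OK for both constructed states. The unguarded version writes to a closed serdev, and the guarded one skips the reset in the advisory's warm-reboot sequence.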
Potential Impact
For European organizations, this vulnerability primarily impacts devices running Linux kernels with the affected commits and using Qualcomm QCA6390 Bluetooth chipsets, such as certain laptops (e.g., Dell XPS 13 9310). The impact is mainly operational rather than security-critical: Bluetooth functionality may fail to re-enable after a warm reboot, potentially disrupting wireless peripheral connectivity, device pairing, and related workflows. This could affect productivity in environments relying on Bluetooth devices for input, communication, or data transfer. Although no direct exploitation for privilege escalation or data compromise is indicated, the regression could lead to denial of Bluetooth service, impacting availability. In sectors like manufacturing, healthcare, or finance where Bluetooth devices are integrated into operational technology or secure environments, this could cause workflow interruptions. The lack of known exploits and the specificity of the hardware and configuration reduce the immediate risk, but organizations should be aware of potential operational disruptions and plan updates accordingly.
Mitigation Recommendations
Organizations should ensure their Linux systems are updated to kernel versions containing the fix that sends the VSC reset command during qca_serdev_shutdown(). Specifically, a kernel that carries commit 272970be3dab, which introduced the regression, must also carry the follow-up fix. For systems using QCA6390 chipsets, verify that device tree (DT) or ACPI configurations include the enable-gpios property to avoid the regression scenario. System administrators should audit their Linux kernel versions and Bluetooth driver states on affected hardware, particularly laptops like the Dell XPS 13 9310, and prioritize patching. In environments where immediate patching is not feasible, consider workarounds such as avoiding warm reboot sequences that disable and re-enable Bluetooth, or using cold boots to reset the controller state. Monitoring Bluetooth functionality post-reboot can help detect the issue early. Additionally, coordinate with hardware vendors and Linux distribution maintainers to confirm the presence of fixes in distribution kernels and backport patches if necessary.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Denmark, Belgium, Italy, Spain
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2024-07-29T15:50:41.188Z
- Cisa Enriched: true
- Cvss Version: null
- State: PUBLISHED
Threat ID: 682d9827c4522896dcbe1b66
Added to database: 5/21/2025, 9:08:55 AM
Last enriched: 6/29/2025, 5:40:22 AM
Last updated: 7/31/2025, 1:52:49 AM