CVE-2024-27000

serial: mxs-auart: add spinlock around changing cts state

Description

In the Linux kernel, the following vulnerability has been resolved: serial: mxs-auart: add spinlock around changing cts state The uart_handle_cts_change() function in serial_core expects the caller to hold uport->lock. For example, I have seen the below kernel splat, when the Bluetooth driver is loaded on an i.MX28 board. [ 85.119255] ------------[ cut here ]------------ [ 85.124413] WARNING: CPU: 0 PID: 27 at /drivers/tty/serial/serial_core.c:3453 uart_handle_cts_change+0xb4/0xec [ 85.134694] Modules linked in: hci_uart bluetooth ecdh_generic ecc wlcore_sdio configfs [ 85.143314] CPU: 0 PID: 27 Comm: kworker/u3:0 Not tainted 6.6.3-00021-gd62a2f068f92 #1 [ 85.151396] Hardware name: Freescale MXS (Device Tree) [ 85.156679] Workqueue: hci0 hci_power_on [bluetooth] (...) [ 85.191765] uart_handle_cts_change from mxs_auart_irq_handle+0x380/0x3f4 [ 85.198787] mxs_auart_irq_handle from __handle_irq_event_percpu+0x88/0x210 (...)

N/A
CVSS
Severity:
EPSS 0.11%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/56434e295bd446142025913bfdf1587f5e1970ad
https://git.kernel.org/stable/c/21535ef0ac1945080198fe3e4347ea498205c99a
https://git.kernel.org/stable/c/0dc0637e6b16158af85945425821bfd0151adb37
https://git.kernel.org/stable/c/479244d68f5d94f3903eced52b093c1e01ddb495
https://git.kernel.org/stable/c/2c9b943e9924cf1269e44289bc5e60e51b0f5270
https://git.kernel.org/stable/c/5f40fd6ca2cf0bfbc5a5c9e403dfce8ca899ba37
https://git.kernel.org/stable/c/94b0e65c75f4af888ab2dd6c90f060f762924e86
https://git.kernel.org/stable/c/54c4ec5f8c471b7c1137a1f769648549c423c026
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html

Frequently Asked Questions

What is the severity of CVE-2024-27000?
CVE-2024-27000 has not yet been assigned a CVSS score.
How to fix CVE-2024-27000?
To fix CVE-2024-27000, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-27000 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-27000 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-27000?
CVE-2024-27000 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.