cve/2024/CVE-2024-27000.md

### [CVE-2024-27000](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27000)
![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=4d90bb147ef6%3C%2056434e295bd4%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

In the Linux kernel, the following vulnerability has been resolved:serial: mxs-auart: add spinlock around changing cts stateThe uart_handle_cts_change() function in serial_core expects the callerto hold uport->lock. For example, I have seen the below kernel splat,when the Bluetooth driver is loaded on an i.MX28 board.    [   85.119255] ------------[ cut here ]------------    [   85.124413] WARNING: CPU: 0 PID: 27 at /drivers/tty/serial/serial_core.c:3453 uart_handle_cts_change+0xb4/0xec    [   85.134694] Modules linked in: hci_uart bluetooth ecdh_generic ecc wlcore_sdio configfs    [   85.143314] CPU: 0 PID: 27 Comm: kworker/u3:0 Not tainted 6.6.3-00021-gd62a2f068f92 #1    [   85.151396] Hardware name: Freescale MXS (Device Tree)    [   85.156679] Workqueue: hci0 hci_power_on [bluetooth]    (...)    [   85.191765]  uart_handle_cts_change from mxs_auart_irq_handle+0x380/0x3f4    [   85.198787]  mxs_auart_irq_handle from __handle_irq_event_percpu+0x88/0x210    (...)

### POC

#### Reference
- https://git.kernel.org/stable/c/54c4ec5f8c471b7c1137a1f769648549c423c026
- https://git.kernel.org/stable/c/54c4ec5f8c471b7c1137a1f769648549c423c026

#### Github
No PoCs found on GitHub currently.