CVE-2024-57987: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-57987 is a vulnerability in the Linux kernel's Bluetooth subsystem, specifically in the Realtek Bluetooth driver (btrtl). The vulnerability was discovered on February 26, 2025, and involves a NULL pointer dereference issue in the btrtlsetuprealtek() function. This affects Linux kernel versions from 6.10 up to (but not including) 6.12.13, and from 6.13 up to (but not including) 6.13.2 (NVD).

The vulnerability occurs when a USB dongle with a chip not maintained in the icidtable is inserted, causing a NULL pointer dereference. The issue stems from the btrtlsetuprealtek() function attempting to access ic_info without proper NULL checking. The vulnerability has been assigned a CVSS v3.1 Base Score of 5.5 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H, indicating local access is required and the primary impact is on system availability (NVD).

When exploited, this vulnerability can cause a Kernel Oops (kernel panic), potentially leading to system instability or denial of service. The impact is limited to availability, with no direct effect on system confidentiality or integrity (NVD).

The vulnerability has been patched by adding a NULL pointer check before accessing btrtldev->icinfo in the btrtlsetuprealtek() function. The fix was implemented in the Linux kernel through commit 3c15082f3567032d196e8760753373332508c2ca. Users should update to Linux kernel versions 6.12.13 or 6.13.2 or later to receive the fix (Kernel Patch).