medium
5.5
CWE
667
Advisory Published
Updated

CVE-2024-41063: Bluetooth: hci_core: cancel all works upon hci_unregister_dev()

First published: Mon Jul 29 2024(Updated: )

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_core: cancel all works upon hci_unregister_dev() syzbot is reporting that calling hci_release_dev() from hci_error_reset() due to hci_dev_put() from hci_error_reset() can cause deadlock at destroy_workqueue(), for hci_error_reset() is called from hdev->req_workqueue which destroy_workqueue() needs to flush. We need to make sure that hdev->{rx_work,cmd_work,tx_work} which are queued into hdev->workqueue and hdev->{power_on,error_reset} which are queued into hdev->req_workqueue are no longer running by the moment destroy_workqueue(hdev->workqueue); destroy_workqueue(hdev->req_workqueue); are called from hci_release_dev(). Call cancel_work_sync() on these work items from hci_unregister_dev() as soon as hdev->list is removed from hci_dev_list.

Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Affected SoftwareAffected VersionHow to fix
Linux Linux kernel<4.19.319
Linux Linux kernel>=4.20<5.4.281
Linux Linux kernel>=5.5<5.10.223
Linux Linux kernel>=5.11<5.15.164
Linux Linux kernel>=5.16<6.1.101
Linux Linux kernel>=6.2<6.6.42
Linux Linux kernel>=6.7<6.9.11
Linux Linux kernel=6.10-rc1
Linux Linux kernel=6.10-rc2
Linux Linux kernel=6.10-rc3
Linux Linux kernel=6.10-rc4
Linux Linux kernel=6.10-rc5
Linux Linux kernel=6.10-rc6
redhat/kernel<4.19.319
4.19.319
redhat/kernel<5.4.281
5.4.281
redhat/kernel<5.10.223
5.10.223
redhat/kernel<5.15.164
5.15.164
redhat/kernel<6.1.101
6.1.101
redhat/kernel<6.6.42
6.6.42
redhat/kernel<6.9.11
6.9.11
redhat/kernel<6.10
6.10
debian/linux
5.10.223-1
5.10.226-1
6.1.115-1
6.1.112-1
6.11.7-1
6.11.9-1

Remedy

https://git.kernel.org/stable/c/0d151a103775dd9645c78c97f77d6e2a5298d913

Remedy

https://git.kernel.org/stable/c/3f939bd73fed12dddc2a32a76116c19ca47c7678

Remedy

https://git.kernel.org/stable/c/48542881997e17b49dc16b93fe910e0cfcf7a9f9

Remedy

https://git.kernel.org/stable/c/96600c2e5ee8213dbab5df1617293d8e847bb4fa

Remedy

https://git.kernel.org/stable/c/9cfc84b1d464cc024286f42a090718f9067b80ed

Remedy

https://git.kernel.org/stable/c/d2ce562a5aff1dcd0c50d9808ea825ef90da909f

Remedy

https://git.kernel.org/stable/c/d6cbce18370641a21dd889e8613d8153df15eb39

Remedy

https://git.kernel.org/stable/c/ddeda6ca5f218b668b560d90fc31ae469adbfd92

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203