CVE-2024-41063

MEDIUM EPSS 8.0%
5.5 CVSS 3.1
Published Jul 29, 2024
Last Modified Jun 17, 2026

Description

In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: hci_core: cancel all works upon hci_unregister_dev()

syzbot is reporting that calling hci_release_dev() from hci_error_reset() due to hci_dev_put() from hci_error_reset() can cause deadlock at destroy_workqueue(), for hci_error_reset() is called from hdev->req_workqueue which destroy_workqueue() needs to flush.

We need to make sure that hdev->{rx_work,cmd_work,tx_work} which are queued into hdev->workqueue and hdev->{power_on,error_reset} which are queued into hdev->req_workqueue are no longer running by the moment

    destroy_workqueue(hdev->workqueue);
    destroy_workqueue(hdev->req_workqueue);

are called from hci_release_dev().

Call cancel_work_sync() on these work items from hci_unregister_dev() as soon as hdev->list is removed from hci_dev_list.

CVSS Details

Base Score 5.5
Exploitability 1.8
Impact 3.6
Vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
8.0% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-667

Affected Products 13

Vendor  Product       Version  Range
linux   linux_kernel  *        <4.19.319
linux   linux_kernel  *        ≥4.20 – <5.4.281
linux   linux_kernel  *        ≥5.5 – <5.10.223
linux   linux_kernel  *        ≥5.11 – <5.15.164
linux   linux_kernel  *        ≥5.16 – <6.1.101
linux   linux_kernel  *        ≥6.2 – <6.6.42
linux   linux_kernel  *        ≥6.7 – <6.9.11
linux   linux_kernel  6.10     any
linux   linux_kernel  6.10     any
linux   linux_kernel  6.10     any
linux   linux_kernel  6.10     any
linux   linux_kernel  6.10     any
linux   linux_kernel  6.10     any

References 9

  • git.kernel.org https://git.kernel.org/stable/c/0d151a103775dd9645c78c97f77d6e2a5298d913
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/3f939bd73fed12dddc2a32a76116c19ca47c7678
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/48542881997e17b49dc16b93fe910e0cfcf7a9f9
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/96600c2e5ee8213dbab5df1617293d8e847bb4fa
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/9cfc84b1d464cc024286f42a090718f9067b80ed
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/d2ce562a5aff1dcd0c50d9808ea825ef90da909f
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/d6cbce18370641a21dd889e8613d8153df15eb39
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ddeda6ca5f218b668b560d90fc31ae469adbfd92
    Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/0d151a103775dd9645c78c97f77d6e2a5298d913
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/3f939bd73fed12dddc2a32a76116c19ca47c7678
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/48542881997e17b49dc16b93fe910e0cfcf7a9f9
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/96600c2e5ee8213dbab5df1617293d8e847bb4fa
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/9cfc84b1d464cc024286f42a090718f9067b80ed
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/d2ce562a5aff1dcd0c50d9808ea825ef90da909f
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/d6cbce18370641a21dd889e8613d8153df15eb39
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ddeda6ca5f218b668b560d90fc31ae469adbfd92
    Patch