SB2025011794 - Improper locking in Linux kernel net bluetooth
Published: January 17, 2025 Updated: May 11, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Improper locking (CVE-ID: CVE-2024-57894)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the sco_connect_ind() and sco_connect_cfm() functions in net/bluetooth/sco.c, within the rfcomm_run() and rfcomm_security_cfm() functions in net/bluetooth/rfcomm/core.c, within the l2cap_global_fixed_chan(), l2cap_connect_cfm() and l2cap_disconn_ind() functions in net/bluetooth/l2cap_core.c, within the iso_match() function in net/bluetooth/iso.c, within the DEFINE_RWLOCK(), hci_register_cb() and hci_unregister_cb() functions in net/bluetooth/hci_core.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/028a68886ead0764f4b26adfcaebf9f1955e76ea
- https://git.kernel.org/stable/c/4a31c018bfe4de84c0741aadd2c913a2490b186d
- https://git.kernel.org/stable/c/4d94f05558271654670d18c26c912da0c1c15549
- https://git.kernel.org/stable/c/bef333418368c58690b501894324c09124e4614f
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.70