Message-ID: <2024122728-CVE-2024-53207-72f7@gregkh>
Date: Fri, 27 Dec 2024 14:52:53 +0100
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Subject: CVE-2024-53207: Bluetooth: MGMT: Fix possible deadlocks

Description
===========

In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: MGMT: Fix possible deadlocks

This fixes possible deadlocks like the following caused by
hci_cmd_sync_dequeue causing the destroy function to run:

 INFO: task kworker/u19:0:143 blocked for more than 120 seconds.
       Tainted: G        W  O        6.8.0-2024-03-19-intel-next-iLS-24ww14 #1
 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
 task:kworker/u19:0   state:D stack:0     pid:143   tgid:143   ppid:2      flags:0x00004000
 Workqueue: hci0 hci_cmd_sync_work [bluetooth]
 Call Trace:
  <TASK>
  __schedule+0x374/0xaf0
  schedule+0x3c/0xf0
  schedule_preempt_disabled+0x1c/0x30
  __mutex_lock.constprop.0+0x3ef/0x7a0
  __mutex_lock_slowpath+0x13/0x20
  mutex_lock+0x3c/0x50
  mgmt_set_connectable_complete+0xa4/0x150 [bluetooth]
  ? kfree+0x211/0x2a0
  hci_cmd_sync_dequeue+0xae/0x130 [bluetooth]
  ? __pfx_cmd_complete_rsp+0x10/0x10 [bluetooth]
  cmd_complete_rsp+0x26/0x80 [bluetooth]
  mgmt_pending_foreach+0x4d/0x70 [bluetooth]
  __mgmt_power_off+0x8d/0x180 [bluetooth]
  ? _raw_spin_unlock_irq+0x23/0x40
  hci_dev_close_sync+0x445/0x5b0 [bluetooth]
  hci_set_powered_sync+0x149/0x250 [bluetooth]
  set_powered_sync+0x24/0x60 [bluetooth]
  hci_cmd_sync_work+0x90/0x150 [bluetooth]
  process_one_work+0x13e/0x300
  worker_thread+0x2f7/0x420
  ? __pfx_worker_thread+0x10/0x10
  kthread+0x107/0x140
  ? __pfx_kthread+0x10/0x10
  ret_from_fork+0x3d/0x60
  ? __pfx_kthread+0x10/0x10
  ret_from_fork_asm+0x1b/0x30
  </TASK>

The Linux kernel CVE team has assigned CVE-2024-53207 to this issue.
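As an added illustration (not kernel code and not the actual fix), the following user-space model reproduces the lock pattern visible in the trace above: __mgmt_power_off holds hdev->lock while hci_cmd_sync_dequeue runs a destroy callback (mgmt_set_connectable_complete) that takes hdev->lock itself, which on a non-recursive mutex is a self-deadlock. The model reports the condition through trylock instead of hanging, and the hardened shape runs the callback only after the lock has been dropped; the function names below are stand-ins chosen for this example.

```c
/* Constructed model of the hdev->lock re-entry pattern; not kernel code. */
#include <errno.h>
#include <pthread.h>

/* Stand-in for hdev->lock: a plain, non-recursive mutex like a kernel mutex. */
static pthread_mutex_t hdev_lock = PTHREAD_MUTEX_INITIALIZER;

/* Stand-in for the destroy callback (mgmt_set_connectable_complete in the
 * trace): it takes hdev->lock on its own. Returns 0 on success or EDEADLK
 * when the lock is already held; a kernel mutex_lock() would block forever
 * at that point, which is the hung task in the advisory. */
static int destroy_cb(void)
{
    int rc = pthread_mutex_trylock(&hdev_lock);
    if (rc == EBUSY)
        return EDEADLK;          /* caller already owns the lock */
    if (rc != 0)
        return rc;
    /* ... state update that needs hdev->lock would go here ... */
    pthread_mutex_unlock(&hdev_lock);
    return 0;
}

/* Pattern from the trace: the callback runs while the caller holds the lock. */
int power_off_unsafe(void)
{
    int rc;
    pthread_mutex_lock(&hdev_lock);
    rc = destroy_cb();           /* invoked under hdev->lock -> EDEADLK */
    pthread_mutex_unlock(&hdev_lock);
    return rc;
}

/* Hardened shape: decide what to tear down under the lock, release it,
 * then run callbacks so they are free to take hdev->lock themselves. */
int power_off_safe(void)
{
    int pending;
    pthread_mutex_lock(&hdev_lock);
    pending = 1;                 /* constructed: one pending command found */
    pthread_mutex_unlock(&hdev_lock);
    return pending ? destroy_cb() : 0;
}
```

The unsafe path returns EDEADLK rather than hanging only because the model uses trylock; with a real blocking lock the thread would sit in state D exactly as the trace shows.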


Affected and fixed versions
===========================

	Issue introduced in 6.6.55 with commit 4883296505aa7e4863c6869b689afb6005633b23 and fixed in 6.6.64 with commit 5703fb1d85f653e35b327b14de4db7da239e4fd9
	Issue introduced in 6.11.3 with commit 8c3f7943a29145d8a2d8e24893762f7673323eae and fixed in 6.11.11 with commit 6a25ce9b4af6dc26ee2b9c32d6bd37620bf9739e
	Issue introduced in 6.12 with commit f53e1c9c726d83092167f2226f32bd3b73f26c21 and fixed in 6.12.2 with commit cac34e44281f1f1bd842adbbcfe3ef9ff0905111
	Issue introduced in 6.12 with commit f53e1c9c726d83092167f2226f32bd3b73f26c21 and fixed in 6.13-rc1 with commit a66dfaf18fd61bb75ef8cee83db46b2aadf153d0
	Issue introduced in 6.10.14 with commit 0cc47233af35fb5f10b5e6a027cb4ccd480caf9a

Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.

Unaffected versions might change over time as fixes are backported to
older supported kernel versions.  The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2024-53207
will be updated if fixes are backported, please check that for the most
up to date information about this issue.


Affected files
==============

The file(s) affected by this issue are:
	net/bluetooth/mgmt.c


Mitigation
==========

The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes.  Individual
changes are never tested alone, but rather are part of a larger kernel
release.  Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all.  If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
	https://git.kernel.org/stable/c/c3f594a3473d6429a0bcf2004cb2885368741b79
	https://git.kernel.org/stable/c/5703fb1d85f653e35b327b14de4db7da239e4fd9
	https://git.kernel.org/stable/c/6a25ce9b4af6dc26ee2b9c32d6bd37620bf9739e
	https://git.kernel.org/stable/c/cac34e44281f1f1bd842adbbcfe3ef9ff0905111
	https://git.kernel.org/stable/c/a66dfaf18fd61bb75ef8cee83db46b2aadf153d0
