ByteOS Network

CVE Vulnerability Details :

CVE-2024-50044

PUBLISHED

More Info Official Page

Assigner-Linux

Assigner Org ID-416baaa9-dc9f-4396-8d5f-8c081fb06d67

Published At-21 Oct, 2024 | 19:39

Updated At-04 May, 2025 | 09:44

▼CVE Numbering Authority (CNA)

Bluetooth: RFCOMM: FIX possible deadlock in rfcomm_sk_state_change

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: RFCOMM: FIX possible deadlock in rfcomm_sk_state_change rfcomm_sk_state_change attempts to use sock_lock so it must never be called with it locked but rfcomm_sock_ioctl always attempt to lock it causing the following trace: ====================================================== WARNING: possible circular locking dependency detected 6.8.0-syzkaller-08951-gfe46a7dd189e #0 Not tainted ------------------------------------------------------ syz-executor386/5093 is trying to acquire lock: ffff88807c396258 (sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1671 [inline] ffff88807c396258 (sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM){+.+.}-{0:0}, at: rfcomm_sk_state_change+0x5b/0x310 net/bluetooth/rfcomm/sock.c:73 but task is already holding lock: ffff88807badfd28 (&d->lock){+.+.}-{3:3}, at: __rfcomm_dlc_close+0x226/0x6a0 net/bluetooth/rfcomm/core.c:491

Affected Products

Vendor

Linux Kernel Organization, Inc

Product

Linux

Repo

https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Program Files

net/bluetooth/rfcomm/sock.c

Default Status

unaffected

Versions

Affected

From 3241ad820dbb172021e0268b5611031991431626 before b77b3fb12fd483cae7c28648903b1d8a6b275f01 (git)
From 3241ad820dbb172021e0268b5611031991431626 before 869c6ee62ab8f01bf2419e45326642be5c9b670a (git)
From 3241ad820dbb172021e0268b5611031991431626 before ef44274dae9b0a90d1a97ce8b242a3b8243a7745 (git)
From 3241ad820dbb172021e0268b5611031991431626 before 496b2ab0fd10f205e08909a125485fdc98843dbe (git)
From 3241ad820dbb172021e0268b5611031991431626 before ced98072d3511b232ae1d3347945f35f30c0e303 (git)
From 3241ad820dbb172021e0268b5611031991431626 before 38b2d5a57d125e1c17661b8308c0240c4a43b534 (git)
From 3241ad820dbb172021e0268b5611031991431626 before 4cb9807c9b53bf1e5560420d26f319f528b50268 (git)
From 3241ad820dbb172021e0268b5611031991431626 before 08d1914293dae38350b8088980e59fbc699a72fe (git)

Vendor

Linux Kernel Organization, Inc

Product

Linux

Repo

https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Program Files

net/bluetooth/rfcomm/sock.c

Default Status

affected

Versions

Affected

2.6.27

Unaffected

From 0 before 2.6.27 (semver)
From 4.19.323 through 4.19.* (semver)
From 5.4.285 through 5.4.* (semver)
From 5.10.227 through 5.10.* (semver)
From 5.15.168 through 5.15.* (semver)
From 6.1.113 through 6.1.* (semver)
From 6.6.57 through 6.6.* (semver)
From 6.11.4 through 6.11.* (semver)
From 6.12 through * (original_commit_for_fix)

References

Hyperlink	Resource
https://git.kernel.org/stable/c/b77b3fb12fd483cae7c28648903b1d8a6b275f01	N/A
https://git.kernel.org/stable/c/869c6ee62ab8f01bf2419e45326642be5c9b670a	N/A
https://git.kernel.org/stable/c/ef44274dae9b0a90d1a97ce8b242a3b8243a7745	N/A
https://git.kernel.org/stable/c/496b2ab0fd10f205e08909a125485fdc98843dbe	N/A
https://git.kernel.org/stable/c/ced98072d3511b232ae1d3347945f35f30c0e303	N/A
https://git.kernel.org/stable/c/38b2d5a57d125e1c17661b8308c0240c4a43b534	N/A
https://git.kernel.org/stable/c/4cb9807c9b53bf1e5560420d26f319f528b50268	N/A
https://git.kernel.org/stable/c/08d1914293dae38350b8088980e59fbc699a72fe	N/A

▼Authorized Data Publishers (ADP)

CISA ADP Vulnrichment

Affected Products

Affected

Affected

Unaffected

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References