CVE-2024-41063 (GCVE-0-2024-41063)

Vulnerability from cvelistv5 – Published: 2024-07-29 14:57 – Updated: 2026-05-23 15:51
VLAI?
Title
Bluetooth: hci_core: cancel all works upon hci_unregister_dev()
Summary
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_core: cancel all works upon hci_unregister_dev() syzbot is reporting that calling hci_release_dev() from hci_error_reset() due to hci_dev_put() from hci_error_reset() can cause deadlock at destroy_workqueue(), for hci_error_reset() is called from hdev->req_workqueue which destroy_workqueue() needs to flush. We need to make sure that hdev->{rx_work,cmd_work,tx_work} which are queued into hdev->workqueue and hdev->{power_on,error_reset} which are queued into hdev->req_workqueue are no longer running by the moment destroy_workqueue(hdev->workqueue); destroy_workqueue(hdev->req_workqueue); are called from hci_release_dev(). Call cancel_work_sync() on these work items from hci_unregister_dev() as soon as hdev->list is removed from hci_dev_list.
Severity ?
No CVSS data available.
Assigner
Impacted products
Vendor Product Version
Linux Linux Affected: e0b278650f07acf2e0932149183458468a731c03 , < 48542881997e17b49dc16b93fe910e0cfcf7a9f9 (git)
Affected: 98fb98fd37e42fd4ce13ff657ea64503e24b6090 , < 9cfc84b1d464cc024286f42a090718f9067b80ed (git)
Affected: 6dd0a9dfa99f8990a08eb8fdd8e79bee31c7d8e2 , < ddeda6ca5f218b668b560d90fc31ae469adbfd92 (git)
Affected: da4569d450b193e39e87119fd316c0291b585d14 , < d2ce562a5aff1dcd0c50d9808ea825ef90da909f (git)
Affected: 45085686b9559bfbe3a4f41d3d695a520668f5e1 , < 96600c2e5ee8213dbab5df1617293d8e847bb4fa (git)
Affected: 2ab9a19d896f5a0dd386e1f001c5309bc35f433b , < d6cbce18370641a21dd889e8613d8153df15eb39 (git)
Affected: 2449007d3f73b2842c9734f45f0aadb522daf592 , < 3f939bd73fed12dddc2a32a76116c19ca47c7678 (git)
Affected: 2449007d3f73b2842c9734f45f0aadb522daf592 , < 0d151a103775dd9645c78c97f77d6e2a5298d913 (git)
Affected: dd594cdc24f2e48dab441732e6dfcafd6b0711d1 (git)
Affected: 4.19.309 , < 4.19.319 (semver)
Affected: 5.4.271 , < 5.4.281 (semver)
Affected: 5.10.212 , < 5.10.223 (semver)
Affected: 5.15.151 , < 5.15.164 (semver)
Affected: 6.1.81 , < 6.1.101 (semver)
Affected: 6.6.21 , < 6.6.42 (semver)
Affected: 6.7.9 , < 6.8 (semver)
Create a notification for this product.
    Linux Linux Affected: 6.8
Unaffected: 0 , < 6.8 (semver)
Unaffected: 4.19.319 , ≤ 4.19.* (semver)
Unaffected: 5.4.281 , ≤ 5.4.* (semver)
Unaffected: 5.10.223 , ≤ 5.10.* (semver)
Unaffected: 5.15.164 , ≤ 5.15.* (semver)
Unaffected: 6.1.101 , ≤ 6.1.* (semver)
Unaffected: 6.6.42 , ≤ 6.6.* (semver)
Unaffected: 6.9.11 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:00:11.784Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/48542881997e17b49dc16b93fe910e0cfcf7a9f9"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/9cfc84b1d464cc024286f42a090718f9067b80ed"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ddeda6ca5f218b668b560d90fc31ae469adbfd92"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/d2ce562a5aff1dcd0c50d9808ea825ef90da909f"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/96600c2e5ee8213dbab5df1617293d8e847bb4fa"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/d6cbce18370641a21dd889e8613d8153df15eb39"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/3f939bd73fed12dddc2a32a76116c19ca47c7678"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/0d151a103775dd9645c78c97f77d6e2a5298d913"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-41063",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:22:02.545206Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:32:59.040Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/bluetooth/hci_core.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "48542881997e17b49dc16b93fe910e0cfcf7a9f9",
              "status": "affected",
              "version": "e0b278650f07acf2e0932149183458468a731c03",
              "versionType": "git"
            },
            {
              "lessThan": "9cfc84b1d464cc024286f42a090718f9067b80ed",
              "status": "affected",
              "version": "98fb98fd37e42fd4ce13ff657ea64503e24b6090",
              "versionType": "git"
            },
            {
              "lessThan": "ddeda6ca5f218b668b560d90fc31ae469adbfd92",
              "status": "affected",
              "version": "6dd0a9dfa99f8990a08eb8fdd8e79bee31c7d8e2",
              "versionType": "git"
            },
            {
              "lessThan": "d2ce562a5aff1dcd0c50d9808ea825ef90da909f",
              "status": "affected",
              "version": "da4569d450b193e39e87119fd316c0291b585d14",
              "versionType": "git"
            },
            {
              "lessThan": "96600c2e5ee8213dbab5df1617293d8e847bb4fa",
              "status": "affected",
              "version": "45085686b9559bfbe3a4f41d3d695a520668f5e1",
              "versionType": "git"
            },
            {
              "lessThan": "d6cbce18370641a21dd889e8613d8153df15eb39",
              "status": "affected",
              "version": "2ab9a19d896f5a0dd386e1f001c5309bc35f433b",
              "versionType": "git"
            },
            {
              "lessThan": "3f939bd73fed12dddc2a32a76116c19ca47c7678",
              "status": "affected",
              "version": "2449007d3f73b2842c9734f45f0aadb522daf592",
              "versionType": "git"
            },
            {
              "lessThan": "0d151a103775dd9645c78c97f77d6e2a5298d913",
              "status": "affected",
              "version": "2449007d3f73b2842c9734f45f0aadb522daf592",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "dd594cdc24f2e48dab441732e6dfcafd6b0711d1",
              "versionType": "git"
            },
            {
              "lessThan": "4.19.319",
              "status": "affected",
              "version": "4.19.309",
              "versionType": "semver"
            },
            {
              "lessThan": "5.4.281",
              "status": "affected",
              "version": "5.4.271",
              "versionType": "semver"
            },
            {
              "lessThan": "5.10.223",
              "status": "affected",
              "version": "5.10.212",
              "versionType": "semver"
            },
            {
              "lessThan": "5.15.164",
              "status": "affected",
              "version": "5.15.151",
              "versionType": "semver"
            },
            {
              "lessThan": "6.1.101",
              "status": "affected",
              "version": "6.1.81",
              "versionType": "semver"
            },
            {
              "lessThan": "6.6.42",
              "status": "affected",
              "version": "6.6.21",
              "versionType": "semver"
            },
            {
              "lessThan": "6.8",
              "status": "affected",
              "version": "6.7.9",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/bluetooth/hci_core.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.8"
            },
            {
              "lessThan": "6.8",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.319",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.281",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.223",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.164",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.101",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.42",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.11",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.319",
                  "versionStartIncluding": "4.19.309",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.281",
                  "versionStartIncluding": "5.4.271",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.223",
                  "versionStartIncluding": "5.10.212",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.164",
                  "versionStartIncluding": "5.15.151",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.101",
                  "versionStartIncluding": "6.1.81",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.42",
                  "versionStartIncluding": "6.6.21",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.11",
                  "versionStartIncluding": "6.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "6.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "6.7.9",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci_core: cancel all works upon hci_unregister_dev()\n\nsyzbot is reporting that calling hci_release_dev() from hci_error_reset()\ndue to hci_dev_put() from hci_error_reset() can cause deadlock at\ndestroy_workqueue(), for hci_error_reset() is called from\nhdev-\u003ereq_workqueue which destroy_workqueue() needs to flush.\n\nWe need to make sure that hdev-\u003e{rx_work,cmd_work,tx_work} which are\nqueued into hdev-\u003eworkqueue and hdev-\u003e{power_on,error_reset} which are\nqueued into hdev-\u003ereq_workqueue are no longer running by the moment\n\n       destroy_workqueue(hdev-\u003eworkqueue);\n       destroy_workqueue(hdev-\u003ereq_workqueue);\n\nare called from hci_release_dev().\n\nCall cancel_work_sync() on these work items from hci_unregister_dev()\nas soon as hdev-\u003elist is removed from hci_dev_list."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-23T15:51:51.517Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/48542881997e17b49dc16b93fe910e0cfcf7a9f9"
        },
        {
          "url": "https://git.kernel.org/stable/c/9cfc84b1d464cc024286f42a090718f9067b80ed"
        },
        {
          "url": "https://git.kernel.org/stable/c/ddeda6ca5f218b668b560d90fc31ae469adbfd92"
        },
        {
          "url": "https://git.kernel.org/stable/c/d2ce562a5aff1dcd0c50d9808ea825ef90da909f"
        },
        {
          "url": "https://git.kernel.org/stable/c/96600c2e5ee8213dbab5df1617293d8e847bb4fa"
        },
        {
          "url": "https://git.kernel.org/stable/c/d6cbce18370641a21dd889e8613d8153df15eb39"
        },
        {
          "url": "https://git.kernel.org/stable/c/3f939bd73fed12dddc2a32a76116c19ca47c7678"
        },
        {
          "url": "https://git.kernel.org/stable/c/0d151a103775dd9645c78c97f77d6e2a5298d913"
        }
      ],
      "title": "Bluetooth: hci_core: cancel all works upon hci_unregister_dev()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-41063",
    "datePublished": "2024-07-29T14:57:25.154Z",
    "dateReserved": "2024-07-12T12:17:45.628Z",
    "dateUpdated": "2026-05-23T15:51:51.517Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…