CVE-2024-50044

Bluetooth: RFCOMM: FIX possible deadlock in rfcomm_sk_state_change

Severity Score

"-"

*CVSS v-

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

MITRE

In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: RFCOMM: FIX possible deadlock in rfcomm_sk_state_change

rfcomm_sk_state_change attempts to use sock_lock so it must never be
called with it locked but rfcomm_sock_ioctl always attempt to lock it
causing the following trace:

======================================================
WARNING: possible circular locking dependency detected
6.8.0-syzkaller-08951-gfe46a7dd189e #0 Not tainted
------------------------------------------------------
syz-executor386/5093 is trying to acquire lock:
ffff88807c396258 (sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1671 [inline]
ffff88807c396258 (sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM){+.+.}-{0:0}, at: rfcomm_sk_state_change+0x5b/0x310 net/bluetooth/rfcomm/sock.c:73

but task is already holding lock:
ffff88807badfd28 (&d->lock){+.+.}-{3:3}, at: __rfcomm_dlc_close+0x226/0x6a0 net/bluetooth/rfcomm/core.c:491

*Credits: N/A

CVSS Scores

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2024-10-21 CVE Reserved
2024-10-21 CVE Published
2024-10-21 CVE Updated
---------- EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (7)

URL	Tag	Source
https://git.kernel.org/stable/c/3241ad820dbb172021e0268b5611031991431626	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/ef44274dae9b0a90d1a97ce8b242a3b8243a7745	2024-10-17
https://git.kernel.org/stable/c/496b2ab0fd10f205e08909a125485fdc98843dbe	2024-10-17
https://git.kernel.org/stable/c/ced98072d3511b232ae1d3347945f35f30c0e303	2024-10-17
https://git.kernel.org/stable/c/38b2d5a57d125e1c17661b8308c0240c4a43b534	2024-10-17
https://git.kernel.org/stable/c/4cb9807c9b53bf1e5560420d26f319f528b50268	2024-10-17
https://git.kernel.org/stable/c/08d1914293dae38350b8088980e59fbc699a72fe	2024-10-04

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.27 < 5.10.227 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.27 < 5.10.227"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.27 < 5.15.168 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.27 < 5.15.168"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.27 < 6.1.113 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.27 < 6.1.113"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.27 < 6.6.57 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.27 < 6.6.57"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.27 < 6.11.4 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.27 < 6.11.4"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.27 < 6.12-rc3 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.27 < 6.12-rc3"		en		Affected