A recently discovered vulnerability (CVE-2024-26959) in the Linux kernel affects the Bluetooth btnxpuart driver and could lead to serious security issues if exploited. The vulnerability has been resolved, and this post covers the bug, the kernel trace that exposes it, and the steps to ensure your system is properly patched.

The vulnerability

The vulnerability was found in the Linux kernel's Bluetooth subsystem, specifically in the btnxpuart_close function of the btnxpuart driver. When the btnxpuart device is closed, a "scheduling while atomic" BUG is triggered, which can crash the system or cause other undesired behavior.

The following kernel log output shows the error observed when the BUG occurs:

[   10.973809] BUG: scheduling while atomic: kworker/u9:0/80/0x00000002
...
[   10.980740] CPU: 3 PID: 80 Comm: kworker/u9:0 Not tainted 6.8.0-rc7-..-devel-00005-g61fdfceacf09 #1
[   10.980751] Hardware name: Toradex Verdin AM62 WB on Dahlia Board (DT)
[   10.980760] Workqueue: hci hci_power_off [bluetooth]
[   10.981169] Call trace:
...
[   10.981363]  uart_update_mctrl+0x58/0x78
[   10.981373]  uart_dtr_rts+0x104/0x114
[   10.981381]  tty_port_shutdown+0xd4/0xdc
[   10.981396]  tty_port_close+0x40/0xbc
[   10.981407]  uart_close+0x34/0x9c
[   10.981414]  ttyport_close+0x50/0x94
[   10.981430]  serdev_device_close+0x40/0x50
[   10.981442]  btnxpuart_close+0x24/0x98 [btnxpuart]
[   10.981469]  hci_dev_close_sync+0x2d8/0x718 [bluetooth]
[   10.981728]  hci_dev_do_close+0x2c/0x70 [bluetooth]
[   10.981862]  hci_power_off+0x20/0x64 [bluetooth]

The fix

To address this vulnerability, the btnxpuart_close function was corrected. The fix ensures that the transmit queue is properly purged and the receive skb is freed on close, so that the "scheduling while atomic" BUG no longer occurs.

To verify that your system is patched and the vulnerability has been resolved, check the running Linux kernel version. The kernel on which the bug was observed was 6.8.0-rc7-..-devel-00005-g61fdfceacf09, so any version released after this should include the fix for this vulnerability.
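Besides checking the version string, a defender can look for the signature of this bug in saved kernel logs. The following is an added example (not code from the original post or from the kernel): it scans log text for a "scheduling while atomic" BUG whose call trace passes through btnxpuart_close and reports the kernel version from the accompanying "CPU: ... Comm:" line. The sample log and its version string are constructed for the example.

```shell
#!/bin/sh
# Added example: detect the btnxpuart "scheduling while atomic" signature in
# kernel log text (e.g. saved `dmesg` output). Not part of the original post.

# Constructed sample, abbreviated from the trace quoted in the post; the
# version string "6.8.0-rc7-example" is a placeholder, not a real release.
SAMPLE_LOG='[   10.973809] BUG: scheduling while atomic: kworker/u9:0/80/0x00000002
[   10.980740] CPU: 3 PID: 80 Comm: kworker/u9:0 Not tainted 6.8.0-rc7-example #1
[   10.980760] Workqueue: hci hci_power_off [bluetooth]
[   10.981430]  serdev_device_close+0x40/0x50
[   10.981442]  btnxpuart_close+0x24/0x98 [btnxpuart]
[   10.981862]  hci_power_off+0x20/0x64 [bluetooth]'

# btnxpuart_bug_seen LOG_TEXT
# Exit status 0 (and prints the kernel version) when LOG_TEXT contains both a
# "BUG: scheduling while atomic" line and btnxpuart_close in a call trace;
# exit status 1 otherwise. The version is the field before the build number
# ("#1") on the "CPU: ... Comm: ..." line that the kernel prints with the BUG.
btnxpuart_bug_seen() {
    printf '%s\n' "$1" | awk '
        /BUG: scheduling while atomic/ { bug = 1 }
        /Comm:/ && !ver                { ver = $(NF-1) }
        /btnxpuart_close[+]/           { drv = 1 }
        END {
            if (bug && drv) { print ver; exit 0 }
            exit 1
        }'
}

# Live-system wrapper (hypothetical helper): reads the current kernel ring
# buffer; needs privileges where kernel.dmesg_restrict=1 is set.
check_running_system() {
    btnxpuart_bug_seen "$(dmesg 2>/dev/null)"
}

# Stand-alone demonstration on the constructed sample.
if ver=$(btnxpuart_bug_seen "$SAMPLE_LOG"); then
    echo "btnxpuart scheduling-while-atomic BUG seen on kernel $ver"
fi
```

A hit means the host ran an affected kernel at the time the log was captured; the fix is to move to a kernel release that carries the btnxpuart_close correction.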

For further information, refer to the following resources:

1. Linux kernel changelog for the fix
2. CVE-2024-26959 on the National Vulnerability Database

Conclusion

The CVE-2024-26959 vulnerability in the Linux kernel posed a significant security risk. The issue was identified and resolved promptly; users should now make sure their systems run an updated kernel that includes the fix, to avoid exposure to potential exploits. Regularly monitoring for new system vulnerabilities and applying the relevant patches is a crucial part of maintaining a secure computing environment.

Timeline

Published on: 05/01/2024 06:15:12 UTC
Last modified on: 05/29/2024 05:25:53 UTC