In the Linux kernel, a vulnerability (CVE-2024-50044) in the Bluetooth RFCOMM module was reported and has been fixed upstream. This post summarises the bug, reproduces the lockdep trace from the advisory, explains the lock-ordering problem behind it, and covers what is known about its exploitability and how to mitigate it.
The Vulnerability
The bug is a lock-ordering (AB-BA) problem in the RFCOMM socket code between the socket lock (sk_lock) and the DLC lock (d->lock). rfcomm_sk_state_change() takes the socket lock with lock_sock(), so it must never be reached with that lock already held; __rfcomm_dlc_close() calls it while holding d->lock, giving the order d->lock then sk_lock. rfcomm_sock_ioctl(), however, always takes the socket lock first, so the work it dispatches establishes the opposite nesting. Lockdep records both orders and reports a possible circular locking dependency; if the two paths race on the same socket, each can block waiting for the lock the other holds. The syzkaller report shows the trace:
WARNING: possible circular locking dependency detected
6.8.0-syzkaller-08951-gfe46a7dd189e #0 Not tainted
syz-executor386/5093 is trying to acquire lock:
ffff88807c396258 (sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1671 [inline]
ffff88807c396258 (sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM){+.+.}-{0:0}, at: rfcomm_sk_state_change+0x5b/0x310 net/bluetooth/rfcomm/sock.c:73

but task is already holding lock:
ffff88807badfd28 (&d->lock){+.+.}-{3:3}, at: __rfcomm_dlc_close+0x226/0x6a0 net/bluetooth/rfcomm/core.c:491
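To make the inversion in the trace concrete, here is an added example, written for this post and not taken from the kernel or the advisory: a minimal lockdep-style lock-order checker in userspace C that models the two RFCOMM paths with two fake locks. Path A follows the trace (d->lock held in __rfcomm_dlc_close, then lock_sock in rfcomm_sk_state_change). Path B models rfcomm_sock_ioctl taking the socket lock first; that the DLC work underneath it needs d->lock is an assumption of the model, inferred from the circular dependency rather than quoted from the source. The "fixed" variant only shows the general remedy, not nesting the two locks in that order, and is not a line-for-line rendering of the upstream patch.

```c
#include <stdio.h>
#include <string.h>

/* The two locks from the trace; names copied from the lockdep output. */
enum { D_LOCK = 0, SK_LOCK = 1, NLOCKS = 2 };
static const char *lock_name[NLOCKS] = {
    "&d->lock",
    "sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM",
};

/* after[a][b] != 0 records "some path acquired lock b while holding lock a". */
static int after[NLOCKS][NLOCKS];
static int held[NLOCKS];   /* locks held by the single modelled task, in order */
static int nheld;
static int warned;         /* set once a circular dependency has been reported */

static void reset_checker(void)
{
    memset(after, 0, sizeof after);
    nheld = 0;
    warned = 0;
}

/* Does the recorded graph already contain a path from -> ... -> to? */
static int reachable(int from, int to, int depth)
{
    if (from == to)
        return 1;
    if (depth >= NLOCKS)   /* bounded walk: the graph may contain a cycle */
        return 0;
    for (int n = 0; n < NLOCKS; n++)
        if (after[from][n] && reachable(n, to, depth + 1))
            return 1;
    return 0;
}

static void acquire(int lock, const char *where)
{
    for (int i = 0; i < nheld; i++) {
        int h = held[i];
        /* Taking 'lock' while holding 'h' adds the edge h -> lock.  If lock
         * already reaches h, that edge closes a cycle: an AB-BA inversion. */
        if (reachable(lock, h, 0)) {
            warned = 1;
            printf("WARNING: possible circular locking dependency detected\n"
                   "  trying to acquire %s at %s\n"
                   "  but task is already holding %s\n",
                   lock_name[lock], where, lock_name[h]);
        }
        after[h][lock] = 1;
    }
    held[nheld++] = lock;
}

static void release(int lock)
{
    if (nheld > 0 && held[nheld - 1] == lock)   /* LIFO release assumed */
        nheld--;
}

/* Path A, as in the trace: d->lock held, then lock_sock() in the callback. */
static void dlc_close_path(void)
{
    acquire(D_LOCK, "__rfcomm_dlc_close");
    acquire(SK_LOCK, "rfcomm_sk_state_change");
    release(SK_LOCK);
    release(D_LOCK);
}

/* Path B, vulnerable: socket lock first, then DLC work that needs d->lock
 * (the d->lock acquisition here is a modelling assumption, not kernel code). */
static void ioctl_path_vulnerable(void)
{
    acquire(SK_LOCK, "rfcomm_sock_ioctl");
    acquire(D_LOCK, "dlc work under ioctl (modelled)");
    release(D_LOCK);
    release(SK_LOCK);
}

/* Path B, remedied: the DLC work runs without the socket lock held, so the
 * sk_lock -> d->lock order is never recorded. */
static void ioctl_path_fixed(void)
{
    acquire(D_LOCK, "dlc work under ioctl (modelled)");
    release(D_LOCK);
}

/* Run both paths in either order; returns 1 if the checker flagged a cycle. */
static int run_scenario(int fixed, int close_first)
{
    reset_checker();
    if (close_first)
        dlc_close_path();
    if (fixed)
        ioctl_path_fixed();
    else
        ioctl_path_vulnerable();
    if (!close_first)
        dlc_close_path();
    return warned;
}

int main(void)
{
    printf("vulnerable, ioctl then close: %d\n", run_scenario(0, 0));
    printf("vulnerable, close then ioctl: %d\n", run_scenario(0, 1));
    printf("fixed, either order:          %d %d\n",
           run_scenario(1, 0), run_scenario(1, 1));
    return 0;
}
```

The point the model makes is the one lockdep makes: the warning fires on the first time the second ordering is observed, whichever path runs first, and long before any real hang. Real lockdep tracks lock classes rather than instances and builds the full dependency graph the same way, which is why a single fuzzer run is enough to surface an inversion that would deadlock only under a rare interleaving.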
The Exploit
Triggering the bug needs only a local process that can create an AF_BLUETOOTH/BTPROTO_RFCOMM socket and issue an ioctl on it while the underlying DLC is being closed; the report came from syzkaller (syz-executor in the trace), that is, from a fuzzer rather than a targeted exploit. The consequence is a deadlock on the affected socket path, which is a local denial of service (hung tasks and, on kernels with lockdep enabled, the warning above). The advisory gives no indication of memory corruption or privilege escalation, and no public exploit is referenced. Note that the lockdep warning appears as soon as the two lock orders have both been observed; the actual hang requires the two paths to interleave on the same socket.
The fix is in mainline and has been backported to the stable series; administrators should install a kernel that contains it, checking their distribution's advisory for CVE-2024-50044 against the running `uname -r` rather than assuming a recent-looking version is patched.
Conclusion
Systems that do not use Bluetooth serial emulation can remove the attack surface entirely by not loading the rfcomm module (for example via a modprobe blacklist entry), since the vulnerable code is only reachable through RFCOMM sockets. Everyone else should treat this as a routine kernel update: the impact is limited to a local denial of service, but the same fuzzing campaigns that found this inversion keep finding others in the Bluetooth stack, so staying current on stable kernels is the practical defence.
Timeline
Published on: 10/21/2024 20:15:17 UTC
Last modified on: 11/19/2024 01:15:07 UTC