CVE-2024-57894 Information
Description
In the Linux kernel the following vulnerability has been resolved:
Bluetooth: hci_core: Fix sleeping function called from invalid context
This reworks hci_cb_list to not use mutex hci_cb_list_lock to avoid bugs like the below:
BUG: sleeping function called from invalid context at kernel/locking/mutex.c:585
in_atomic(): 0 irqs_disabled(): 0 non_block: 0 pid: 5070 name: kworker/u9:2
preempt_count: 0 expected: 0
RCU nest depth: 1 expected: 0
4 locks held by kworker/u9:2/5070:
0: ffff888015be3948 ((wq_completion)hci02)+.+.-0:0 at: process_one_work kernel/workqueue.c:3229 [inline]
0: ffff888015be3948 ((wq_completion)hci02)+.+.-0:0 at: process_scheduled_works+0x8e0/0x1770 kernel/workqueue.c:3335
1: ffffc90003b6fd00 ((work_completion)(&hdev->rx_work))+.+.-0:0 at: process_one_work kernel/workqueue.c:3230 [inline]
1: ffffc90003b6fd00 ((work_completion)(&hdev->rx_work))+.+.-0:0 at: process_scheduled_works+0x91b/0x1770 kernel/workqueue.c:3335
2: ffff8880665d0078 (&hdev->lock)+.+.-3:3 at: hci_le_create_big_complete_evt+0xcf/0xae0 net/bluetooth/hci_event.c:6914
3: ffffffff8e132020 (rcu_read_lock)....-1:2 at: rcu_lock_acquire include/linux/rcupdate.h:298 [inline]
3: ffffffff8e132020 (rcu_read_lock)....-1:2 at: rcu_read_lock include/linux/rcupdate.h:750 [inline]
3: ffffffff8e132020 (rcu_read_lock)....-1:2 at: hci_le_create_big_complete_evt+0xdb/0xae0 net/bluetooth/hci_event.c:6915
CPU: 0 PID: 5070 Comm: kworker/u9:2 Not tainted 6.8.0-syzkaller-08073-g480e035fc4c7 0
Hardware name: Google Google Compute Engine/Google Compute Engine BIOS Google 03/27/2024
Workqueue: hci0 hci_rx_work
Call Trace:
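As an added triage example (not part of the CVE record or of the kernel fix), the following Python script parses a "sleeping function called from invalid context" report like the one quoted above, folds the repeated per-lock lines lockdep prints for inlined frames into one entry per held lock, and names the held lock that makes the context non-sleepable. The sample input is constructed from the splat on this page, with the lock-state fields written in lockdep's `{usage}-{context}` form; every function, class and field name here is this example's own.

```python
"""Triage helper for Linux 'BUG: sleeping function called from invalid context' reports."""
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed sample input, built from the lockdep report quoted in the CVE
# description. Held-lock lines use lockdep's own layout
# ('#N: <addr> (<name>){<usage>}-{<ctx>}, at: <frame>'); lockdep prints one
# 'at:' line per inlined frame, so the same lock index repeats.
SAMPLE_SPLAT = """\
BUG: sleeping function called from invalid context at kernel/locking/mutex.c:585
in_atomic(): 0 irqs_disabled(): 0 non_block: 0 pid: 5070 name: kworker/u9:2
preempt_count: 0 expected: 0
RCU nest depth: 1 expected: 0
4 locks held by kworker/u9:2/5070:
 #0: ffff888015be3948 ((wq_completion)hci02){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3229 [inline]
 #0: ffff888015be3948 ((wq_completion)hci02){+.+.}-{0:0}, at: process_scheduled_works+0x8e0/0x1770 kernel/workqueue.c:3335
 #1: ffffc90003b6fd00 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3230 [inline]
 #1: ffffc90003b6fd00 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x91b/0x1770 kernel/workqueue.c:3335
 #2: ffff8880665d0078 (&hdev->lock){+.+.}-{3:3}, at: hci_le_create_big_complete_evt+0xcf/0xae0 net/bluetooth/hci_event.c:6914
 #3: ffffffff8e132020 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:298 [inline]
 #3: ffffffff8e132020 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:750 [inline]
 #3: ffffffff8e132020 (rcu_read_lock){....}-{1:2}, at: hci_le_create_big_complete_evt+0xdb/0xae0 net/bluetooth/hci_event.c:6915
CPU: 0 PID: 5070 Comm: kworker/u9:2 Not tainted 6.8.0-syzkaller-08073-g480e035fc4c7 #0
Workqueue: hci0 hci_rx_work
"""

BUG_RE = re.compile(r"^BUG: sleeping function called from invalid context at (?P<where>\S+)")
CTX_RE = re.compile(r"^in_atomic\(\): (?P<in_atomic>\d+) irqs_disabled\(\): (?P<irqs>\d+)"
                    r".* pid: (?P<pid>\d+) name: (?P<comm>\S+)")
PREEMPT_RE = re.compile(r"^preempt_count: (?P<val>\d+) expected: (?P<exp>\d+)")
RCU_RE = re.compile(r"^RCU nest depth: (?P<val>\d+) expected: (?P<exp>\d+)")
HELD_RE = re.compile(r"^(?P<n>\d+) locks? held by ")
# Tolerates both '{+.+.}-{0:0}, at:' and the brace-stripped '+.+.-0:0 at:' seen on some renderers.
LOCK_RE = re.compile(r"^\s*#?(?P<idx>\d+):\s+(?P<addr>[0-9a-f]+)\s+"
                     r"\((?P<name>.+?)\)(?P<state>[^\s,)]*),?\s+at:\s+(?P<at>.+?)\s*$")


@dataclass
class HeldLock:
    index: int
    addr: str
    name: str
    state: str                                        # lockdep '{usage}-{ctx}' field
    frames: List[str] = field(default_factory=list)   # 'at:' frames, innermost inline first

    @property
    def acquired_at(self) -> str:
        """The last 'at:' frame is the non-inlined function that took the lock."""
        return self.frames[-1] if self.frames else ""


@dataclass
class SleepingSplat:
    where: str = ""             # file:line of the sleeping primitive that was called
    pid: int = 0
    comm: str = ""
    in_atomic: int = 0
    irqs_disabled: int = 0
    preempt_count: int = 0
    preempt_expected: int = 0
    rcu_depth: int = 0
    rcu_expected: int = 0
    declared_locks: int = 0     # count from the 'N locks held by' line
    locks: Dict[int, HeldLock] = field(default_factory=dict)


def parse_sleeping_splat(text: str) -> SleepingSplat:
    """Parse a 'sleeping function called from invalid context' report into a SleepingSplat."""
    s = SleepingSplat()
    for line in text.splitlines():
        if m := BUG_RE.match(line):
            s.where = m["where"]
        elif m := CTX_RE.match(line):
            s.in_atomic, s.irqs_disabled = int(m["in_atomic"]), int(m["irqs"])
            s.pid, s.comm = int(m["pid"]), m["comm"]
        elif m := PREEMPT_RE.match(line):
            s.preempt_count, s.preempt_expected = int(m["val"]), int(m["exp"])
        elif m := RCU_RE.match(line):
            s.rcu_depth, s.rcu_expected = int(m["val"]), int(m["exp"])
        elif m := HELD_RE.match(line):
            s.declared_locks = int(m["n"])
        elif m := LOCK_RE.match(line):
            idx = int(m["idx"])
            lock = s.locks.setdefault(idx, HeldLock(idx, m["addr"], m["name"], m["state"]))
            lock.frames.append(m["at"])   # a repeated index is another inlined frame
    # A truncated report silently loses held locks; refuse to draw conclusions from one.
    if s.declared_locks and len(s.locks) != s.declared_locks:
        raise ValueError(f"report truncated: {len(s.locks)} of {s.declared_locks} held locks found")
    return s


# Kernel source files that implement sleeping lock primitives.
SLEEPING_PRIMITIVES = {
    "kernel/locking/mutex.c": "mutex",
    "kernel/locking/rwsem.c": "rw_semaphore",
    "kernel/locking/semaphore.c": "semaphore",
}


def sleeping_primitive(s: SleepingSplat) -> str:
    return SLEEPING_PRIMITIVES.get(s.where.rsplit(":", 1)[0], "unknown")


def atomic_context_reasons(s: SleepingSplat) -> List[str]:
    """Explain why the context is non-sleepable, naming the held lock responsible."""
    reasons = []
    if s.rcu_depth > s.rcu_expected:
        rcu = [lk for lk in s.locks.values() if lk.name == "rcu_read_lock"]
        site = rcu[-1].acquired_at if rcu else "unknown frame"
        reasons.append(f"RCU read-side critical section (depth {s.rcu_depth}) entered at {site}")
    if s.preempt_count > s.preempt_expected:
        reasons.append(f"preemption disabled (preempt_count {s.preempt_count})")
    if s.irqs_disabled:
        reasons.append("interrupts disabled")
    if s.in_atomic:
        reasons.append("in_atomic() set")
    return reasons


def summarize(s: SleepingSplat) -> str:
    why = "; ".join(atomic_context_reasons(s)) or "no atomic-context indicator found"
    return (f"{s.comm}/{s.pid} called a {sleeping_primitive(s)} sleeping primitive "
            f"({s.where}) while: {why}")


if __name__ == "__main__":
    print(summarize(parse_sleeping_splat(SAMPLE_SPLAT)))
```

Run directly, the script reports that kworker/u9:2 called a mutex primitive while inside an RCU read-side critical section entered in hci_le_create_big_complete_evt at net/bluetooth/hci_event.c:6915, which is the condition the commit title describes. The check against the "N locks held by" count matters because syzkaller reports are often cut off (the one on this page ends at "Call Trace:"); here the held-locks section is complete, so the parse succeeds.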
Reference
https://git.kernel.org/stable/c/028a68886ead0764f4b26adfcaebf9f1955e76ea
https://git.kernel.org/stable/c/4a31c018bfe4de84c0741aadd2c913a2490b186d
https://git.kernel.org/stable/c/4d94f05558271654670d18c26c912da0c1c15549
https://git.kernel.org/stable/c/bef333418368c58690b501894324c09124e4614f