CVE-2024-41063 Detail

Description

In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: hci_core: cancel all works upon hci_unregister_dev()

syzbot is reporting that calling hci_release_dev() from hci_error_reset() due to hci_dev_put() from hci_error_reset() can cause deadlock at destroy_workqueue(), for hci_error_reset() is called from hdev->req_workqueue which destroy_workqueue() needs to flush.

We need to make sure that hdev->{rx_work,cmd_work,tx_work} which are queued into hdev->workqueue and hdev->{power_on,error_reset} which are queued into hdev->req_workqueue are no longer running by the moment

  destroy_workqueue(hdev->workqueue);
  destroy_workqueue(hdev->req_workqueue);

are called from hci_release_dev().

Call cancel_work_sync() on these work items from hci_unregister_dev() as soon as hdev->list is removed from hci_dev_list.
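The ordering problem described above, played out in a single-threaded user-space C model (an added illustration, not kernel code and not taken from the referenced patches). The model_* names, the flag standing in for "a work item on req_workqueue is executing", and the assumption that the work item holds its own device reference while it runs are simplifications introduced here.

```c
/* Added illustration: user-space model, not kernel code; model_* names are hypothetical. */
#include <stdbool.h>
#include <stdio.h>

struct model_dev {
    int  refcnt;      /* stands in for the hdev reference count */
    bool in_req_work; /* a work item on req_workqueue is executing */
    bool released;    /* release path finished cleanly */
    bool deadlocked;  /* destroy_workqueue() would wait on its own caller */
};

/* destroy_workqueue() flushes the queue; if the caller is itself a work
 * item on that queue, the flush waits for the caller and never returns. */
static void model_release(struct model_dev *d)
{
    if (d->in_req_work)
        d->deadlocked = true;
    else
        d->released = true;
}

static void model_put(struct model_dev *d)
{
    if (--d->refcnt == 0)
        model_release(d);
}

/* Unregister racing with an error_reset work item that is in flight.
 * fixed=true models cancel_work_sync(): unregister waits for the work first. */
static struct model_dev simulate(bool fixed)
{
    struct model_dev d = { .refcnt = 1 };  /* reference dropped by unregister */
    d.in_req_work = true;                  /* error_reset starts on req_workqueue */
    d.refcnt++;                            /* assumed: the work pins the device */
    if (!fixed)
        model_put(&d);                     /* unregister drops its ref mid-work */
    model_put(&d);                         /* hci_dev_put() at end of error_reset */
    d.in_req_work = false;                 /* work item returns */
    if (fixed)
        model_put(&d);                     /* unregister's put, after the cancel */
    return d;
}

int main(void)
{
    struct model_dev before = simulate(false), after = simulate(true);
    printf("before: deadlocked=%d  after: deadlocked=%d released=%d\n",
           before.deadlocked, after.deadlocked, after.released);
    return 0;
}
```

In the unfixed ordering the last reference is dropped inside the work item, so the release path runs on the queue it is about to flush; with the cancel in place the last reference is dropped from the unregister context once no work item is running.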


Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.
CVSS 4.0 Severity and Vector Strings:
NIST: NVD - N/A (NVD assessment not yet provided)

References to Advisories, Solutions, and Tools

Hyperlink Resource
https://git.kernel.org/stable/c/0d151a103775dd9645c78c97f77d6e2a5298d913 Patch 
https://git.kernel.org/stable/c/3f939bd73fed12dddc2a32a76116c19ca47c7678 Patch 
https://git.kernel.org/stable/c/48542881997e17b49dc16b93fe910e0cfcf7a9f9 Patch 
https://git.kernel.org/stable/c/96600c2e5ee8213dbab5df1617293d8e847bb4fa Patch 
https://git.kernel.org/stable/c/9cfc84b1d464cc024286f42a090718f9067b80ed Patch 
https://git.kernel.org/stable/c/d2ce562a5aff1dcd0c50d9808ea825ef90da909f Patch 
https://git.kernel.org/stable/c/d6cbce18370641a21dd889e8613d8153df15eb39 Patch 
https://git.kernel.org/stable/c/ddeda6ca5f218b668b560d90fc31ae469adbfd92 Patch 

Weakness Enumeration

CWE-ID CWE Name Source
CWE-667 Improper Locking NIST

Change History

2 change records found

Quick Info

CVE Dictionary Entry: CVE-2024-41063
NVD Published Date: 07/29/2024
NVD Last Modified: 09/10/2024
Source: kernel.org