CVE-2024-53207 — Improper Locking in Linux

CWE-667 — Improper Locking6 documents6 sources

Severity

5.5MEDIUMNVD

EPSS

0.0%

top 99.65%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Debian Linux +3 more

Timeline

PublishedDec 27

Description

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix possible deadlocks This fixes possible deadlocks like the following caused by hci_cmd_sync_dequeue causing the destroy function to run: INFO: task kworker/u19:0:143 blocked for more than 120 seconds. Tainted: G W O 6.8.0-2024-03-19-intel-next-iLS-24ww14 #1 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:kworker/u19:0 state:D stack:0 pid:143 tgid:143 ppid:2 flags:0x00004000 W…

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages7 packages

▶NVDlinux/linux_kernel6.6.55 — 6.6.64+3

▶Debianlinux/linux_kernel< 6.1.123-1+2

▶msrcmsrc/azl3_kernel_6.6.57.1-7_on_azure_linux_3.0

▶msrcmsrc/azl3_kernel_6.6.64.2-1_on_azure_linux_3.0

▶CVEListV5linux/linux19b40ca62607cef78369549d1af091f2fd558931 — c3f594a3473d6429a0bcf2004cb2885368741b79+6

Patches

Patch: git.kernel.org ↗Patch: git.kernel.org ↗Patch: git.kernel.org ↗

🔴Vulnerability Details

OSV

CVE-2024-53207: In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix possible deadlocks This fixes possible deadlocks like the fol↗2024-12-27

▶

GHSA

GHSA-fgfp-pp34-jxvv: In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix possible deadlocks This fixes possible deadlocks like the f↗2024-12-27

▶

📋Vendor Advisories

Red Hat

kernel: Bluetooth: MGMT: Fix possible deadlocks↗2024-12-27

▶

Microsoft

Bluetooth: MGMT: Fix possible deadlocks↗2024-12-10

▶

Debian

CVE-2024-53207: linux - In the Linux kernel, the following vulnerability has been resolved: Bluetooth: ...↗2024

▶