CVE-2024-44962

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2024-44962
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-44962.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-44962
Downstream
Related
Published
2024-09-04T18:35:59Z
Modified
2025-10-17T11:31:10.436944Z
Summary
Bluetooth: btnxpuart: Shutdown timer and prevent rearming when driver unloading
Details

In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: btnxpuart: Shutdown timer and prevent rearming when driver unloading

When unload the btnxpuart driver, its associated timer will be deleted. If the timer happens to be modified at this moment, it leads to the kernel call this timer even after the driver unloaded, resulting in kernel panic. Use timershutdownsync() instead of deltimersync() to prevent rearming.

panic log: Internal error: Oops: 0000000086000007 [#1] PREEMPT SMP Modules linked in: algifhash algifskcipher afalg moal(O) mlan(O) crct10difce polyvalce polyvalgeneric sndsocimxcard sndsocfslasoccard sndsocimxaudmux mxcjpegencdec v4l2jpeg sndsocwm8962 sndsocfslmicfil sndsocfslsai flexcan sndsocfslutils ap130x rpmsgctrl imxpcmdma candev rpmsgchar pwmfan fuse [last unloaded: btnxpuart] CPU: 5 PID: 723 Comm: memtester Tainted: G O 6.6.23-lts-next-06207-g4aef2658ac28 #1 Hardware name: NXP i.MX95 19X19 board (DT) pstate: 20400009 (nzCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : 0xffff80007a2cf464 lr : calltimerfn.isra.0+0x24/0x80 ... Call trace: 0xffff80007a2cf464 runtimers+0x234/0x280 runtimersoftirq+0x20/0x40 _dosoftirq+0x100/0x26c _dosoftirq+0x10/0x1c callonirqstack+0x24/0x4c dosoftirqownstack+0x1c/0x2c irqexitrcu+0xc0/0xdc el0interrupt+0x54/0xd8 _el0irqhandlercommon+0x18/0x24 el0t64irqhandler+0x10/0x1c el0t64_irq+0x190/0x194 Code: ???????? ???????? ???????? ???????? (????????) ---[ end trace 0000000000000000 ]--- Kernel panic - not syncing: Oops: Fatal exception in interrupt SMP: stopping secondary CPUs Kernel Offset: disabled CPU features: 0x0,c0000000,40028143,1000721b Memory Limit: none ---[ end Kernel panic - not syncing: Oops: Fatal exception in interrupt ]---

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
689ca16e523278470c38832a3010645a78c544d8
Fixed
4d9adcb94d55e9be8a3e464d9f2ff7d27e2ed016
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
689ca16e523278470c38832a3010645a78c544d8
Fixed
28bbb5011a9723700006da67bdb57ab6a914452b
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
689ca16e523278470c38832a3010645a78c544d8
Fixed
0d0df1e750bac0fdaa77940e711c1625cff08d33

Affected versions

v6.*

v6.10
v6.10-rc1
v6.10-rc2
v6.10-rc3
v6.10-rc4
v6.10-rc5
v6.10-rc6
v6.10-rc7
v6.10.1
v6.10.2
v6.10.3
v6.10.4
v6.3
v6.4
v6.4-rc1
v6.4-rc2
v6.4-rc3
v6.4-rc4
v6.4-rc5
v6.4-rc6
v6.4-rc7
v6.5
v6.5-rc1
v6.5-rc2
v6.5-rc3
v6.5-rc4
v6.5-rc5
v6.5-rc6
v6.5-rc7
v6.6
v6.6-rc1
v6.6-rc2
v6.6-rc3
v6.6-rc4
v6.6-rc5
v6.6-rc6
v6.6-rc7
v6.6.1
v6.6.10
v6.6.11
v6.6.12
v6.6.13
v6.6.14
v6.6.15
v6.6.16
v6.6.17
v6.6.18
v6.6.19
v6.6.2
v6.6.20
v6.6.21
v6.6.22
v6.6.23
v6.6.24
v6.6.25
v6.6.26
v6.6.27
v6.6.28
v6.6.29
v6.6.3
v6.6.30
v6.6.31
v6.6.32
v6.6.33
v6.6.34
v6.6.35
v6.6.36
v6.6.37
v6.6.38
v6.6.39
v6.6.4
v6.6.40
v6.6.41
v6.6.42
v6.6.43
v6.6.44
v6.6.45
v6.6.5
v6.6.6
v6.6.7
v6.6.8
v6.6.9
v6.7
v6.7-rc1
v6.7-rc2
v6.7-rc3
v6.7-rc4
v6.7-rc5
v6.7-rc6
v6.7-rc7
v6.7-rc8
v6.8
v6.8-rc1
v6.8-rc2
v6.8-rc3
v6.8-rc4
v6.8-rc5
v6.8-rc6
v6.8-rc7
v6.9
v6.9-rc1
v6.9-rc2
v6.9-rc3
v6.9-rc4
v6.9-rc5
v6.9-rc6
v6.9-rc7

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.4.0
Fixed
6.6.46
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.10.5