CVE-2024-41063
- Source
- https://cve.org/CVERecord?id=CVE-2024-41063
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-41063.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2024-41063
- Downstream
- Related
- Published
- 2024-07-29T14:57:25.154Z
- Modified
- 2026-03-13T07:57:16.652810Z
- Summary
- Bluetooth: hci_core: cancel all works upon hci_unregister_dev()
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: hcicore: cancel all works upon hciunregister_dev()
syzbot is reporting that calling hcireleasedev() from hcierrorreset() due to hcidevput() from hcierrorreset() can cause deadlock at destroyworkqueue(), for hcierrorreset() is called from hdev->reqworkqueue which destroy_workqueue() needs to flush.
We need to make sure that hdev->{rxwork,cmdwork,txwork} which are queued into hdev->workqueue and hdev->{poweron,errorreset} which are queued into hdev->reqworkqueue are no longer running by the moment
destroy_workqueue(hdev->workqueue); destroy_workqueue(hdev->req_workqueue);are called from hcireleasedev().
Call cancelworksync() on these work items from hciunregisterdev() as soon as hdev->list is removed from hcidevlist.
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/41xxx/CVE-2024-41063.json" }- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/0d151a103775dd9645c78c97f77d6e2a5298d913
- https://git.kernel.org/stable/c/3f939bd73fed12dddc2a32a76116c19ca47c7678
- https://git.kernel.org/stable/c/48542881997e17b49dc16b93fe910e0cfcf7a9f9
- https://git.kernel.org/stable/c/96600c2e5ee8213dbab5df1617293d8e847bb4fa
- https://git.kernel.org/stable/c/9cfc84b1d464cc024286f42a090718f9067b80ed
- https://git.kernel.org/stable/c/d2ce562a5aff1dcd0c50d9808ea825ef90da909f
- https://git.kernel.org/stable/c/d6cbce18370641a21dd889e8613d8153df15eb39
- https://git.kernel.org/stable/c/ddeda6ca5f218b668b560d90fc31ae469adbfd92
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/41xxx/CVE-2024-41063.json
- https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
- https://nvd.nist.gov/vuln/detail/CVE-2024-41063
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducede0b278650f07acf2e0932149183458468a731c03Fixed48542881997e17b49dc16b93fe910e0cfcf7a9f9
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced98fb98fd37e42fd4ce13ff657ea64503e24b6090Fixed9cfc84b1d464cc024286f42a090718f9067b80ed
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced6dd0a9dfa99f8990a08eb8fdd8e79bee31c7d8e2Fixedddeda6ca5f218b668b560d90fc31ae469adbfd92
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedda4569d450b193e39e87119fd316c0291b585d14Fixedd2ce562a5aff1dcd0c50d9808ea825ef90da909f
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced45085686b9559bfbe3a4f41d3d695a520668f5e1Fixed96600c2e5ee8213dbab5df1617293d8e847bb4fa
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced2ab9a19d896f5a0dd386e1f001c5309bc35f433bFixedd6cbce18370641a21dd889e8613d8153df15eb39
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced2449007d3f73b2842c9734f45f0aadb522daf592Fixed3f939bd73fed12dddc2a32a76116c19ca47c7678Fixed0d151a103775dd9645c78c97f77d6e2a5298d913
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affecteddd594cdc24f2e48dab441732e6dfcafd6b0711d1