In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: btnxpuart: Resolve TX timeout error in power save stress test
This fixes the tx timeout issue seen while running a stress test on btnxpuart for a couple of hours, in which the interval between two HCI commands coincides with the power save timeout value of 2 seconds.
Test procedure using bash script:
    <load btnxpuart.ko>
    hciconfig hci0 up
    //Enable Power Save feature
    hcitool -i hci0 cmd 3f 23 02 00 00
    while (true)
    do
        hciconfig hci0 leadv
        sleep 2
        hciconfig hci0 noleadv
        sleep 2
    done
Error log, after adding a few more debug prints:
    Bluetooth: btnxpuart_queue_skb(): 01 0A 20 01 00
    Bluetooth: hci0: Set UART break: on, status=0
    Bluetooth: hci0: btnxpuart_tx_wakeup() tx_work scheduled
    Bluetooth: hci0: btnxpuart_tx_work() dequeue: 01 0A 20 01 00
    Can't set advertise mode on hci0: Connection timed out (110)
    Bluetooth: hci0: command 0x200a tx timeout
When the power save mechanism turns on UART break and btnxpuart_tx_work() is scheduled simultaneously, psdata->ps_state is read as PS_STATE_AWAKE. This prevents psdata->work, which is responsible for turning UART break off, from being scheduled.
This issue is fixed by adding a ps_lock mutex around UART break on/off as well as around ps_state read/write. btnxpuart_tx_wakeup() will now read the updated ps_state value. If ps_state is PS_STATE_SLEEP, it will first schedule psdata->work, and then it will reschedule itself once UART break has been turned off and ps_state is PS_STATE_AWAKE.
Tested the above script for 50,000 iterations, and the TX timeout error was no longer observed.
[
{
"signature_version": "v1",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9d5df94ce0e213d5b549633f528f96114c736190",
"signature_type": "Function",
"digest": {
"function_hash": "42168960325370942307487759170310358991",
"length": 229.0
},
"target": {
"function": "ps_setup",
"file": "drivers/bluetooth/btnxpuart.c"
},
"id": "CVE-2024-58238-4a959be9"
},
{
"signature_version": "v1",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9d5df94ce0e213d5b549633f528f96114c736190",
"signature_type": "Function",
"digest": {
"function_hash": "261484796007129498028778464882869512468",
"length": 728.0
},
"target": {
"function": "btnxpuart_tx_work",
"file": "drivers/bluetooth/btnxpuart.c"
},
"id": "CVE-2024-58238-4b57fd15"
},
{
"signature_version": "v1",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e4db90e4eb8d5487098712ffb1048f3fa6d25e98",
"signature_type": "Function",
"digest": {
"function_hash": "42168960325370942307487759170310358991",
"length": 229.0
},
"target": {
"function": "ps_setup",
"file": "drivers/bluetooth/btnxpuart.c"
},
"id": "CVE-2024-58238-6cb14d52"
},
{
"signature_version": "v1",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e4db90e4eb8d5487098712ffb1048f3fa6d25e98",
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"293056288578534884600534309048196864563",
"101178622403632128900851818629573806760",
"269693164371808448942447221943519683645",
"254919653654653318607449809549484731133",
"286434028205806158010686745572224955004",
"268473128791398191213640226137770136089",
"54465506180642357843042057231836374534",
"233408549221868611564020938033907320114",
"153307161561408673246393126525040918149",
"124017557595684821474203154463332524466",
"105790678813323392576616509822824923963",
"333716065550884565757670238683414208906",
"107916733854916357099132240267944185490",
"148250237723270140614910334840002141560",
"278129327692278196654209800560496655641",
"3369029514333743190074653536772516845",
"86098899501475924232636957174885090477",
"77239277603187465337549442659397565743",
"102338389390921390991026068105210601433",
"117336550889962072181366043844949293047",
"290510975531349188385365687611268021157",
"7204660811075058318110881353529068363",
"122740363645468224374882080596420946587",
"22764075986812879853070880946490854711",
"83687044090978678692483112818720327900",
"159620399347212407378278493423894722996",
"153693702832967227531020984872329131680",
"308889717817652687452465533654729982999",
"150250249412593538575943081365089123639",
"74675128603489771260475900312814942509",
"303563547417184137907814617159566628907",
"141367784220512824446414387672022814419",
"36958217269175973006742138280896467381",
"241086169602605324223972393735261263844",
"84896951411320606294897260754017549446",
"310752756283054226218782008988511080479",
"66004376244227565477462961161567088930",
"218864327415672300843965160154759699965",
"47429216307423870714499889316802707502",
"124138408393049387535319062629391374148",
"129492634064332542081059777524730787679"
]
},
"target": {
"file": "drivers/bluetooth/btnxpuart.c"
},
"id": "CVE-2024-58238-71560f6f"
},
{
"signature_version": "v1",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e4db90e4eb8d5487098712ffb1048f3fa6d25e98",
"signature_type": "Function",
"digest": {
"function_hash": "29644226703926081070182221583965962794",
"length": 220.0
},
"target": {
"function": "ps_start_timer",
"file": "drivers/bluetooth/btnxpuart.c"
},
"id": "CVE-2024-58238-88833ee1"
},
{
"signature_version": "v1",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9d5df94ce0e213d5b549633f528f96114c736190",
"signature_type": "Function",
"digest": {
"function_hash": "37847531979255983788108832748334648015",
"length": 152.0
},
"target": {
"function": "nxp_dequeue",
"file": "drivers/bluetooth/btnxpuart.c"
},
"id": "CVE-2024-58238-88fdd4e1"
},
{
"signature_version": "v1",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9d5df94ce0e213d5b549633f528f96114c736190",
"signature_type": "Function",
"digest": {
"function_hash": "185604260803928452370948705231405388955",
"length": 181.0
},
"target": {
"function": "ps_wakeup",
"file": "drivers/bluetooth/btnxpuart.c"
},
"id": "CVE-2024-58238-8a029208"
},
{
"signature_version": "v1",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e4db90e4eb8d5487098712ffb1048f3fa6d25e98",
"signature_type": "Function",
"digest": {
"function_hash": "185604260803928452370948705231405388955",
"length": 181.0
},
"target": {
"function": "ps_wakeup",
"file": "drivers/bluetooth/btnxpuart.c"
},
"id": "CVE-2024-58238-8a69b759"
},
{
"signature_version": "v1",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9d5df94ce0e213d5b549633f528f96114c736190",
"signature_type": "Function",
"digest": {
"function_hash": "29644226703926081070182221583965962794",
"length": 220.0
},
"target": {
"function": "ps_start_timer",
"file": "drivers/bluetooth/btnxpuart.c"
},
"id": "CVE-2024-58238-927cfd4b"
},
{
"signature_version": "v1",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9d5df94ce0e213d5b549633f528f96114c736190",
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"293056288578534884600534309048196864563",
"101178622403632128900851818629573806760",
"269693164371808448942447221943519683645",
"254919653654653318607449809549484731133",
"286434028205806158010686745572224955004",
"268473128791398191213640226137770136089",
"54465506180642357843042057231836374534",
"233408549221868611564020938033907320114",
"153307161561408673246393126525040918149",
"124017557595684821474203154463332524466",
"105790678813323392576616509822824923963",
"333716065550884565757670238683414208906",
"107916733854916357099132240267944185490",
"148250237723270140614910334840002141560",
"278129327692278196654209800560496655641",
"3369029514333743190074653536772516845",
"86098899501475924232636957174885090477",
"77239277603187465337549442659397565743",
"102338389390921390991026068105210601433",
"117336550889962072181366043844949293047",
"290510975531349188385365687611268021157",
"7204660811075058318110881353529068363",
"122740363645468224374882080596420946587",
"22764075986812879853070880946490854711",
"83687044090978678692483112818720327900",
"159620399347212407378278493423894722996",
"153693702832967227531020984872329131680",
"308889717817652687452465533654729982999",
"150250249412593538575943081365089123639",
"74675128603489771260475900312814942509",
"303563547417184137907814617159566628907",
"141367784220512824446414387672022814419",
"36958217269175973006742138280896467381",
"241086169602605324223972393735261263844",
"84896951411320606294897260754017549446",
"310752756283054226218782008988511080479",
"66004376244227565477462961161567088930",
"218864327415672300843965160154759699965",
"47429216307423870714499889316802707502",
"124138408393049387535319062629391374148",
"129492634064332542081059777524730787679"
]
},
"target": {
"file": "drivers/bluetooth/btnxpuart.c"
},
"id": "CVE-2024-58238-96b90d68"
},
{
"signature_version": "v1",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e4db90e4eb8d5487098712ffb1048f3fa6d25e98",
"signature_type": "Function",
"digest": {
"function_hash": "37847531979255983788108832748334648015",
"length": 152.0
},
"target": {
"function": "nxp_dequeue",
"file": "drivers/bluetooth/btnxpuart.c"
},
"id": "CVE-2024-58238-9f12c16f"
},
{
"signature_version": "v1",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9d5df94ce0e213d5b549633f528f96114c736190",
"signature_type": "Function",
"digest": {
"function_hash": "108965592008167808229000520709891038849",
"length": 790.0
},
"target": {
"function": "ps_control",
"file": "drivers/bluetooth/btnxpuart.c"
},
"id": "CVE-2024-58238-a21e645d"
},
{
"signature_version": "v1",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e4db90e4eb8d5487098712ffb1048f3fa6d25e98",
"signature_type": "Function",
"digest": {
"function_hash": "108965592008167808229000520709891038849",
"length": 790.0
},
"target": {
"function": "ps_control",
"file": "drivers/bluetooth/btnxpuart.c"
},
"id": "CVE-2024-58238-b7ea7855"
},
{
"signature_version": "v1",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e4db90e4eb8d5487098712ffb1048f3fa6d25e98",
"signature_type": "Function",
"digest": {
"function_hash": "261484796007129498028778464882869512468",
"length": 728.0
},
"target": {
"function": "btnxpuart_tx_work",
"file": "drivers/bluetooth/btnxpuart.c"
},
"id": "CVE-2024-58238-ed86677a"
}
]