Bluetooth: RFCOMM: FIX possible deadlock in rfcomm_sk_state_change
Summary
| CVE | CVE-2024-50044 |
|---|---|
| State | PUBLISHED |
| Assigner | Linux |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2024-10-21 20:15:17 UTC |
| Updated | 2026-05-12 13:16:16 UTC |
| Description | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: RFCOMM: FIX possible deadlock in rfcomm_sk_state_change. rfcomm_sk_state_change attempts to use sock_lock so it must never be called with it locked, but rfcomm_sock_ioctl always attempts to lock it, causing the following trace: ====================================================== WARNING: possible circular locking dependency detected 6.8.0-syzkaller-08951-gfe46a7dd189e #0 Not tainted ------------------------------------------------------ syz-executor386/5093 is trying to acquire lock: ffff88807c396258 (sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1671 [inline] ffff88807c396258 (sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM){+.+.}-{0:0}, at: rfcomm_sk_state_change+0x5b/0x310 net/bluetooth/rfcomm/sock.c:73 but task is already holding lock: ffff88807badfd28 (&d->lock){+.+.}-{3:3}, at: __rfcomm_dlc_close+0x226/0x6a0 net/bluetooth/rfcomm/core.c:491 |
Risk And Classification
Primary CVSS: v3.1 3.3 LOW from [email protected]
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Problem Types: CWE-667
CVSS v3.1 Breakdown
| Metric | Value |
|---|---|
| Attack Vector | Local |
| Attack Complexity | Low |
| Privileges Required | Low |
| User Interaction | None |
| Scope | Unchanged |
| Confidentiality | None |
| Integrity | None |
| Availability | Low |
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Linux | Linux Kernel | All | All | All | All |
Vendor Declared Affected Products
| Source | Vendor | Product | Version | Platforms |
|---|---|---|---|---|
| CNA | Linux | Linux | affected 3241ad820dbb172021e0268b5611031991431626 b77b3fb12fd483cae7c28648903b1d8a6b275f01 git | Not specified |
| CNA | Linux | Linux | affected 3241ad820dbb172021e0268b5611031991431626 869c6ee62ab8f01bf2419e45326642be5c9b670a git | Not specified |
| CNA | Linux | Linux | affected 3241ad820dbb172021e0268b5611031991431626 ef44274dae9b0a90d1a97ce8b242a3b8243a7745 git | Not specified |
| CNA | Linux | Linux | affected 3241ad820dbb172021e0268b5611031991431626 496b2ab0fd10f205e08909a125485fdc98843dbe git | Not specified |
| CNA | Linux | Linux | affected 3241ad820dbb172021e0268b5611031991431626 ced98072d3511b232ae1d3347945f35f30c0e303 git | Not specified |
| CNA | Linux | Linux | affected 3241ad820dbb172021e0268b5611031991431626 38b2d5a57d125e1c17661b8308c0240c4a43b534 git | Not specified |
| CNA | Linux | Linux | affected 3241ad820dbb172021e0268b5611031991431626 4cb9807c9b53bf1e5560420d26f319f528b50268 git | Not specified |
| CNA | Linux | Linux | affected 3241ad820dbb172021e0268b5611031991431626 08d1914293dae38350b8088980e59fbc699a72fe git | Not specified |
| CNA | Linux | Linux | affected 2.6.27 | Not specified |
| CNA | Linux | Linux | unaffected 2.6.27 semver | Not specified |
| CNA | Linux | Linux | unaffected 4.19.323 4.19.* semver | Not specified |
| CNA | Linux | Linux | unaffected 5.4.285 5.4.* semver | Not specified |
| CNA | Linux | Linux | unaffected 5.10.227 5.10.* semver | Not specified |
| CNA | Linux | Linux | unaffected 5.15.168 5.15.* semver | Not specified |
| CNA | Linux | Linux | unaffected 6.1.113 6.1.* semver | Not specified |
| CNA | Linux | Linux | unaffected 6.6.57 6.6.* semver | Not specified |
| CNA | Linux | Linux | unaffected 6.11.4 6.11.* semver | Not specified |
| CNA | Linux | Linux | unaffected 6.12 * original_commit_for_fix | Not specified |
| ADP | Siemens | RUGGEDCOM RST2428P | unaffected * custom | Not specified |
| ADP | Siemens | SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 Family | unaffected * custom | Not specified |
| ADP | Siemens | SCALANCE XCM-/XRM-/XCH-/XRH-300 Family | unaffected * custom | Not specified |
| ADP | Siemens | SIMATIC S7-1500 TM MFP - GNU/Linux Subsystem | affected * custom | Not specified |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| git.kernel.org/stable/c/4cb9807c9b53bf1e5560420d26f319f528b50268 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | Patch |
| lists.debian.org/debian-lts-announce/2025/03/msg00002.html | af854a3a-2127-422b-91ae-364da2661108 | lists.debian.org | |
| git.kernel.org/stable/c/38b2d5a57d125e1c17661b8308c0240c4a43b534 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | Patch |
| git.kernel.org/stable/c/ced98072d3511b232ae1d3347945f35f30c0e303 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | Patch |
| cert-portal.siemens.com/productcert/html/ssa-265688.html | 0b142b55-0307-4c5a-b3c9-f314f3fb7c5e | cert-portal.siemens.com | |
| git.kernel.org/stable/c/869c6ee62ab8f01bf2419e45326642be5c9b670a | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | |
| git.kernel.org/stable/c/08d1914293dae38350b8088980e59fbc699a72fe | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | Patch |
| git.kernel.org/stable/c/ef44274dae9b0a90d1a97ce8b242a3b8243a7745 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | Patch |
| cert-portal.siemens.com/productcert/html/ssa-355557.html | 0b142b55-0307-4c5a-b3c9-f314f3fb7c5e | cert-portal.siemens.com | |
| lists.debian.org/debian-lts-announce/2025/01/msg00001.html | af854a3a-2127-422b-91ae-364da2661108 | lists.debian.org | |
| git.kernel.org/stable/c/b77b3fb12fd483cae7c28648903b1d8a6b275f01 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | |
| git.kernel.org/stable/c/496b2ab0fd10f205e08909a125485fdc98843dbe | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | Patch |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.