CVE-2024-50044

LOW

Linux kernel - DoS

Title source: llm
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: RFCOMM: FIX possible deadlock in rfcomm_sk_state_change rfcomm_sk_state_change attempts to use sock_lock so it must never be called with it locked but rfcomm_sock_ioctl always attempt to lock it causing the following trace: ====================================================== WARNING: possible circular locking dependency detected 6.8.0-syzkaller-08951-gfe46a7dd189e #0 Not tainted ------------------------------------------------------ syz-executor386/5093 is trying to acquire lock: ffff88807c396258 (sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1671 [inline] ffff88807c396258 (sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM){+.+.}-{0:0}, at: rfcomm_sk_state_change+0x5b/0x310 net/bluetooth/rfcomm/sock.c:73 but task is already holding lock: ffff88807badfd28 (&d->lock){+.+.}-{3:3}, at: __rfcomm_dlc_close+0x226/0x6a0 net/bluetooth/rfcomm/core.c:491

References (10)

Scores

CVSS v3 3.3
EPSS 0.0001
EPSS Percentile 1.2%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-667
Status published
Products (9)
linux/Kernel 2.6.27 - 4.19.323linux
linux/Kernel 4.20.0 - 5.4.285linux
linux/Kernel 5.11.0 - 5.15.168linux
linux/Kernel 5.16.0 - 6.1.113linux
linux/Kernel 5.5.0 - 5.10.227linux
linux/Kernel 6.2.0 - 6.6.57linux
linux/Kernel 6.7.0 - 6.11.4linux
linux/linux_kernel 6.12 rc1 (2 CPE variants)
linux/linux_kernel 2.6.27 - 5.10.227
Published Oct 21, 2024
Tracked Since Feb 18, 2026