
CVE-2024-50044: Vulnerability in Linux (Linux kernel)

Severity: High
Vulnerability: CVE-2024-50044
Published: Mon Oct 21 2024 (10/21/2024, 19:39:42 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: RFCOMM: FIX possible deadlock in rfcomm_sk_state_change

rfcomm_sk_state_change attempts to use sock_lock so it must never be called with it locked, but rfcomm_sock_ioctl always attempts to lock it, causing the following trace:

======================================================
WARNING: possible circular locking dependency detected
6.8.0-syzkaller-08951-gfe46a7dd189e #0 Not tainted
------------------------------------------------------
syz-executor386/5093 is trying to acquire lock:
ffff88807c396258 (sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1671 [inline]
ffff88807c396258 (sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM){+.+.}-{0:0}, at: rfcomm_sk_state_change+0x5b/0x310 net/bluetooth/rfcomm/sock.c:73

but task is already holding lock:
ffff88807badfd28 (&d->lock){+.+.}-{3:3}, at: __rfcomm_dlc_close+0x226/0x6a0 net/bluetooth/rfcomm/core.c:491

AI-Powered Analysis

Last updated: 06/28/2025, 16:40:36 UTC

Technical Analysis

CVE-2024-50044 is a vulnerability in the Linux kernel's Bluetooth RFCOMM protocol implementation. The issue is a potential deadlock in the function rfcomm_sk_state_change. This function acquires the socket lock (sock_lock), so it must not be called while that lock is already held; rfcomm_sock_ioctl, another function in the RFCOMM stack, always acquires the socket lock before its call chain reaches rfcomm_sk_state_change. The result is a circular locking dependency, as evidenced by the kernel's lockdep warning about a possible circular locking dependency. The trace shows a task trying to acquire sk_lock while already holding another lock (&d->lock); the ioctl path takes the same two locks in the opposite order, which is the classic ABBA deadlock pattern. Such a deadlock can freeze or hang Bluetooth RFCOMM socket operations, impacting system stability or availability. The vulnerability affects multiple versions of the Linux kernel, as indicated by the repeated commit hashes, and was published on October 21, 2024. No CVSS score has been assigned yet, and there are no known exploits in the wild. The root cause is a synchronization flaw in the Bluetooth RFCOMM socket state management, which can cause kernel-level deadlocks during Bluetooth communication over RFCOMM channels.
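To make the lock-ordering argument concrete, the following is an added example, not kernel code and not the project's patch. It is a minimal lock-order checker in the spirit of the kernel's lockdep, run over the two call paths the description names: path A (from the trace) holds &d->lock in __rfcomm_dlc_close and then takes the socket lock in rfcomm_sk_state_change; path B (from the commit text) has rfcomm_sock_ioctl take the socket lock first and then reach the DLC code. The function names in comments are the real kernel functions from the description; the "fixed" path is an assumption about the shape of a fix (the ioctl path no longer holding the socket lock when it reaches the DLC code), not a reproduction of the actual patch.

```c
/* Added example (not kernel code): a minimal lock-order checker in the spirit
 * of the kernel's lockdep, replaying the two RFCOMM call paths named in the
 * CVE description to show why they form a circular locking dependency. */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define NLOCKS 2
enum { SK_LOCK = 0, D_LOCK = 1 };
static const char *lock_name[NLOCKS] = { "sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM", "&d->lock" };

/* held_before[a][b]: lock a has at some point been held while lock b was taken. */
static bool held_before[NLOCKS][NLOCKS];
static int held[NLOCKS * 2]; /* stack of locks held by the (single) simulated task */
static int nheld;

static void lockdep_reset(void)
{
    memset(held_before, 0, sizeof held_before);
    nheld = 0;
}

/* Record taking lock l. Returns true if lockdep would warn: either the lock
 * is already held (recursive locking, which sk_lock does not allow) or the
 * new ordering closes a cycle with an ordering recorded earlier. */
static bool lock_acquire(int l)
{
    bool warn = false;

    for (int i = 0; i < nheld; i++) {
        int h = held[i];

        if (h == l) {
            printf("WARNING: recursive locking of %s\n", lock_name[l]);
            warn = true;
            continue;
        }
        if (held_before[l][h]) {
            printf("WARNING: possible circular locking dependency detected: "
                   "%s -> %s already recorded, now %s -> %s\n",
                   lock_name[l], lock_name[h], lock_name[h], lock_name[l]);
            warn = true;
        }
        held_before[h][l] = true;
    }
    held[nheld++] = l;
    return warn;
}

/* Locks are released in LIFO order in this simulation. */
static void lock_release(int l)
{
    if (nheld > 0 && held[nheld - 1] == l)
        nheld--;
}

/* Path A, taken from the trace: __rfcomm_dlc_close holds &d->lock and calls
 * the state-change callback, which calls lock_sock(). */
static bool path_dlc_close(void)
{
    bool warn = lock_acquire(D_LOCK);   /* __rfcomm_dlc_close */
    warn |= lock_acquire(SK_LOCK);      /* rfcomm_sk_state_change -> lock_sock */
    lock_release(SK_LOCK);
    lock_release(D_LOCK);
    return warn;
}

/* Path B, from the description: rfcomm_sock_ioctl always locks the socket and
 * then reaches the DLC code, which takes &d->lock: the opposite order. */
static bool path_ioctl_unfixed(void)
{
    bool warn = lock_acquire(SK_LOCK);  /* rfcomm_sock_ioctl -> lock_sock */
    warn |= lock_acquire(D_LOCK);       /* DLC code entered under the socket lock */
    lock_release(D_LOCK);
    lock_release(SK_LOCK);
    return warn;
}

/* Assumed shape of a fix (not the actual patch): the ioctl path reaches the
 * DLC code without holding the socket lock, so only one ordering ever exists. */
static bool path_ioctl_fixed(void)
{
    bool warn = lock_acquire(D_LOCK);
    lock_release(D_LOCK);
    return warn;
}

/* Replay path A then path B; returns true if a lockdep-style warning fired. */
static bool detect_inversion(bool fixed)
{
    lockdep_reset();
    bool warn = path_dlc_close();
    warn |= fixed ? path_ioctl_fixed() : path_ioctl_unfixed();
    return warn;
}

int main(void)
{
    printf("unfixed ioctl path: %s\n", detect_inversion(false) ? "cycle" : "ok");
    printf("fixed ioctl path:   %s\n", detect_inversion(true) ? "cycle" : "ok");
    return 0;
}
```

The checker never needs two threads to hang: like lockdep, it records the order in which locks were nested on earlier runs and flags the first acquisition that would close a cycle, which is why the kernel can emit "possible circular locking dependency" from a single task before any real deadlock occurs. This is also the property to rely on defensively: enabling lockdep (CONFIG_PROVE_LOCKING) in test kernels surfaces this class of bug during fuzzing or regression runs rather than as a production hang.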

Potential Impact

For European organizations, this vulnerability could have significant operational impacts, especially for those relying on Linux-based systems with Bluetooth functionality. The deadlock can cause system hangs or degraded performance in devices using Bluetooth RFCOMM, which is commonly used for serial port emulation over Bluetooth. This may affect embedded systems, IoT devices, industrial control systems, and enterprise Linux servers or workstations that utilize Bluetooth for device communication or management. In critical infrastructure sectors such as manufacturing, healthcare, transportation, and telecommunications, where Linux is prevalent and Bluetooth connectivity is used, this could lead to service interruptions or degraded device functionality. Although this vulnerability does not directly lead to privilege escalation or data leakage, the availability impact due to deadlocks can disrupt business operations and potentially delay critical processes. The lack of known exploits reduces immediate risk, but the presence of a kernel-level deadlock vulnerability means that attackers or even benign processes could trigger system instability, which is a concern for high-availability environments.

Mitigation Recommendations

To mitigate this vulnerability, organizations should promptly apply the official Linux kernel patches once they are released by the Linux maintainers. Until patches are available, consider disabling Bluetooth RFCOMM functionality if it is not essential, especially on critical systems. For systems where Bluetooth is required, monitor kernel updates closely and test patches in staging environments before deployment. Additionally, implement kernel crash and hang detection mechanisms to quickly identify and recover from deadlock conditions. Employ strict access controls to limit which users or processes can interact with Bluetooth devices or invoke ioctl calls on RFCOMM sockets, reducing the risk of accidental or malicious triggering of the deadlock. For embedded or IoT devices, coordinate with device vendors to ensure timely firmware or kernel updates. Finally, maintain comprehensive logging and monitoring of Bluetooth subsystem activity to detect unusual behavior that might indicate attempts to exploit this vulnerability.


Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2024-10-21T12:17:06.071Z
CISA Enriched: true
CVSS Version: null
State: PUBLISHED

Threat ID: 682d9824c4522896dcbdfdaa

Added to database: 5/21/2025, 9:08:52 AM

Last enriched: 6/28/2025, 4:40:36 PM

Last updated: 8/18/2025, 11:32:19 PM
