CVE-2024-54191: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: iso: Fix circular lock in iso_conn_big_sync

This fixes the circular locking dependency warning below, by reworking iso_sock_recvmsg, to ensure that the socket lock is always released before calling a function that locks hdev.

[ 561.670344] ======================================================
[ 561.670346] WARNING: possible circular locking dependency detected
[ 561.670349] 6.12.0-rc6+ #26 Not tainted
[ 561.670351] ------------------------------------------------------
[ 561.670353] iso-tester/3289 is trying to acquire lock:
[ 561.670355] ffff88811f600078 (&hdev->lock){+.+.}-{3:3}, at: iso_conn_big_sync+0x73/0x260 [bluetooth]
[ 561.670405] but task is already holding lock:
[ 561.670407] ffff88815af58258 (sk_lock-AF_BLUETOOTH){+.+.}-{0:0}, at: iso_sock_recvmsg+0xbf/0x500 [bluetooth]
[ 561.670450] which lock already depends on the new lock.
[ 561.670452] the existing dependency chain (in reverse order) is:
[ 561.670453] -> #2 (sk_lock-AF_BLUETOOTH){+.+.}-{0:0}:
[ 561.670458]        lock_acquire+0x7c/0xc0
[ 561.670463]        lock_sock_nested+0x3b/0xf0
[ 561.670467]        bt_accept_dequeue+0x1a5/0x4d0 [bluetooth]
[ 561.670510]        iso_sock_accept+0x271/0x830 [bluetooth]
[ 561.670547]        do_accept+0x3dd/0x610
[ 561.670550]        __sys_accept4+0xd8/0x170
[ 561.670553]        __x64_sys_accept+0x74/0xc0
[ 561.670556]        x64_sys_call+0x17d6/0x25f0
[ 561.670559]        do_syscall_64+0x87/0x150
[ 561.670563]        entry_SYSCALL_64_after_hwframe+0x76/0x7e
[ 561.670567] -> #1 (sk_lock-AF_BLUETOOTH-BTPROTO_ISO){+.+.}-{0:0}:
[ 561.670571]        lock_acquire+0x7c/0xc0
[ 561.670574]        lock_sock_nested+0x3b/0xf0
[ 561.670577]        iso_sock_listen+0x2de/0xf30 [bluetooth]
[ 561.670617]        __sys_listen_socket+0xef/0x130
[ 561.670620]        __x64_sys_listen+0xe1/0x190
[ 561.670623]        x64_sys_call+0x2517/0x25f0
[ 561.670626]        do_syscall_64+0x87/0x150
[ 561.670629]        entry_SYSCALL_64_after_hwframe+0x76/0x7e
[ 561.670632] -> #0 (&hdev->lock){+.+.}-{3:3}:
[ 561.670636]        __lock_acquire+0x32ad/0x6ab0
[ 561.670639]        lock_acquire.part.0+0x118/0x360
[ 561.670642]        lock_acquire+0x7c/0xc0
[ 561.670644]        __mutex_lock+0x18d/0x12f0
[ 561.670647]        mutex_lock_nested+0x1b/0x30
[ 561.670651]        iso_conn_big_sync+0x73/0x260 [bluetooth]
[ 561.670687]        iso_sock_recvmsg+0x3e9/0x500 [bluetooth]
[ 561.670722]        sock_recvmsg+0x1d5/0x240
[ 561.670725]        sock_read_iter+0x27d/0x470
[ 561.670727]        vfs_read+0x9a0/0xd30
[ 561.670731]        ksys_read+0x1a8/0x250
[ 561.670733]        __x64_sys_read+0x72/0xc0
[ 561.670736]        x64_sys_call+0x1b12/0x25f0
[ 561.670738]        do_syscall_64+0x87/0x150
[ 561.670741]        entry_SYSCALL_64_after_hwframe+0x76/0x7e
[ 561.670744] other info that might help us debug this:
[ 561.670745] Chain exists of: &hdev->lock --> sk_lock-AF_BLUETOOTH-BTPROTO_ISO --> sk_lock-AF_BLUETOOTH
[ 561.670751] Possible unsafe locking scenario:
[ 561.670753]        CPU0                    CPU1
[ 561.670754]        ----                    ----
[ 561.670756]   lock(sk_lock-AF_BLUETOOTH);
[ 561.670758]                                lock(sk_lock-AF_BLUETOOTH-BTPROTO_ISO);
[ 561.670761]                                lock(sk_lock-AF_BLUETOOTH);
[ 561.670764]   lock(&hdev->lock);
[ 561.670767] *** DEADLOCK ***
AI Analysis
Technical Summary
CVE-2024-54191 is a vulnerability identified in the Linux kernel's Bluetooth subsystem, specifically related to the ISO (Isochronous Channels) protocol implementation. The issue arises from a circular locking dependency between the socket lock (sk_lock) and the hardware device lock (hdev->lock) during Bluetooth ISO connection synchronization. The vulnerability manifests as a potential deadlock scenario caused by improper lock acquisition order in the functions iso_sock_recvmsg and iso_conn_big_sync. This deadlock occurs when the socket lock is held while attempting to acquire the hardware device lock, which itself depends on the socket lock, creating a circular wait condition. The kernel logs reveal a warning about this circular locking dependency, indicating that the kernel could freeze or hang when handling Bluetooth ISO connections under certain conditions. The fix involves reworking iso_sock_recvmsg to ensure the socket lock is released before acquiring the hardware device lock, thereby breaking the circular dependency chain and preventing deadlocks. This vulnerability affects specific Linux kernel versions identified by their commit hashes and is relevant to systems using Bluetooth ISO channels, which are typically used for time-sensitive data transmission such as audio streaming over Bluetooth LE Audio. Although no known exploits are reported in the wild, the issue poses a risk of denial of service (DoS) through kernel hangs or freezes when the Bluetooth subsystem encounters this locking scenario.
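The lock-order inversion described above, as an added example that is not part of this record or of the kernel's code: a toy lockdep-style checker in C that records which lock class was taken while which other class was held, replays the two existing edges from the report (hdev->lock before the ISO listening socket lock in the listen() path, the listening socket lock before the child socket lock in the accept() path), and then compares the pre-fix recvmsg ordering with the post-fix one. The enum values, function names and the graph representation are this example's own; the mapping of each step to iso_sock_listen, iso_sock_accept, iso_sock_recvmsg and iso_conn_big_sync follows the stack traces and the "Chain exists of" line in the report.

```c
/*
 * Added example, not kernel code: a minimal lock-order checker in the spirit
 * of lockdep. It replays the dependency chain from the CVE-2024-54191 report
 * and shows why taking hdev->lock under the socket lock closes a cycle.
 */
#include <stdio.h>
#include <string.h>

enum lock_class {
    LK_SK_BT = 0,     /* sk_lock-AF_BLUETOOTH             (child socket lock)      */
    LK_SK_BT_ISO = 1, /* sk_lock-AF_BLUETOOTH-BTPROTO_ISO (listening socket lock)  */
    LK_HDEV = 2,      /* &hdev->lock                      (HCI device mutex)       */
    LK_COUNT = 3
};

static const char *const lock_name[LK_COUNT] = {
    "sk_lock-AF_BLUETOOTH", "sk_lock-AF_BLUETOOTH-BTPROTO_ISO", "&hdev->lock"
};

struct lock_graph {
    int edge[LK_COUNT][LK_COUNT]; /* edge[a][b]: b was acquired while a was held */
    int held[LK_COUNT];           /* classes currently held, in acquisition order */
    int nheld;
};

/* Depth-first search over recorded edges: can 'to' be reached from 'from'? */
static int reaches(const struct lock_graph *g, int from, int to, int *seen)
{
    if (from == to)
        return 1;
    seen[from] = 1;
    for (int n = 0; n < LK_COUNT; n++)
        if (g->edge[from][n] && !seen[n] && reaches(g, n, to, seen))
            return 1;
    return 0;
}

/* Record "cls taken while each currently held class is held". Returns 1 when
 * some held class is already reachable from cls, i.e. the new edge closes a
 * cycle; this is the moment lockdep prints its circular-dependency warning. */
static int order_acquire(struct lock_graph *g, int cls)
{
    int circular = 0;
    for (int i = 0; i < g->nheld; i++) {
        int held = g->held[i];
        int seen[LK_COUNT] = {0};
        if (reaches(g, cls, held, seen)) {
            printf("possible circular locking dependency: %s taken while holding %s\n",
                   lock_name[cls], lock_name[held]);
            circular = 1;
        }
        g->edge[held][cls] = 1;
    }
    g->held[g->nheld++] = cls;
    return circular;
}

static void order_release(struct lock_graph *g, int cls)
{
    for (int i = 0; i < g->nheld; i++) {
        if (g->held[i] == cls) {
            memmove(&g->held[i], &g->held[i + 1],
                    (size_t)(g->nheld - i - 1) * sizeof g->held[0]);
            g->nheld--;
            return;
        }
    }
}

/* Edges #1 and #2 of the report: listen() takes the ISO listening socket lock
 * under hdev->lock; accept() takes the child socket lock under the listening
 * socket lock. Neither step is circular on its own. */
static int replay_existing_chain(struct lock_graph *g)
{
    int warn = 0;
    warn += order_acquire(g, LK_HDEV);
    warn += order_acquire(g, LK_SK_BT_ISO);   /* iso_sock_listen */
    order_release(g, LK_SK_BT_ISO);
    order_release(g, LK_HDEV);
    warn += order_acquire(g, LK_SK_BT_ISO);
    warn += order_acquire(g, LK_SK_BT);       /* iso_sock_accept -> bt_accept_dequeue */
    order_release(g, LK_SK_BT);
    order_release(g, LK_SK_BT_ISO);
    return warn;
}

/* Edge #0 before the fix: recvmsg still holds the socket lock when the callee
 * takes hdev->lock, closing hdev -> ISO sock -> sock -> hdev. */
static int recvmsg_before_fix(struct lock_graph *g)
{
    int warn = order_acquire(g, LK_SK_BT);    /* iso_sock_recvmsg */
    warn += order_acquire(g, LK_HDEV);        /* iso_conn_big_sync */
    order_release(g, LK_HDEV);
    order_release(g, LK_SK_BT);
    return warn;
}

/* After the fix: release the socket lock before the call that locks hdev and
 * re-take it afterwards, so no socket lock is held across hdev->lock. */
static int recvmsg_after_fix(struct lock_graph *g)
{
    int warn = order_acquire(g, LK_SK_BT);
    order_release(g, LK_SK_BT);
    warn += order_acquire(g, LK_HDEV);        /* iso_conn_big_sync */
    order_release(g, LK_HDEV);
    warn += order_acquire(g, LK_SK_BT);
    order_release(g, LK_SK_BT);
    return warn;
}

/* Number of circular-dependency warnings for the whole scenario. */
int simulate_recvmsg(int fixed)
{
    struct lock_graph g;
    memset(&g, 0, sizeof g);
    int warn = replay_existing_chain(&g);
    warn += fixed ? recvmsg_after_fix(&g) : recvmsg_before_fix(&g);
    return warn;
}

int main(void)
{
    printf("before fix: %d warning(s)\n", simulate_recvmsg(0));
    printf("after fix:  %d warning(s)\n", simulate_recvmsg(1));
    return 0;
}
```

Compile with `cc -std=c99` and run: the pre-fix path reports exactly one warning, raised at the moment hdev->lock is requested while sk_lock-AF_BLUETOOTH is held, and the post-fix path reports none because the socket lock is dropped before the hdev-locking call. The check is deliberately edge-based rather than thread-based: like lockdep, it flags the inverted order the first time it is exercised, without needing the two CPUs of the "possible unsafe locking scenario" to actually race.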
Potential Impact
For European organizations, the impact of CVE-2024-54191 primarily involves potential denial of service conditions on Linux-based systems utilizing Bluetooth ISO channels. This could affect devices ranging from servers and desktops to embedded systems and IoT devices running vulnerable Linux kernels. Organizations relying on Bluetooth LE Audio or other ISO channel-based Bluetooth communications may experience system instability or crashes, leading to service interruptions. Critical infrastructure or industrial control systems using Linux with Bluetooth connectivity could be disrupted, impacting operational continuity. While confidentiality and integrity impacts are unlikely, availability degradation due to kernel deadlocks can cause significant operational issues, especially in environments where Bluetooth connectivity is integral to workflows or device management. The absence of known exploits reduces immediate risk, but unpatched systems remain vulnerable to accidental or malicious triggering of the deadlock. European organizations with large Linux deployments, including cloud providers, telecom operators, and manufacturing sectors, should be aware of this vulnerability's potential to disrupt services reliant on Bluetooth ISO channels.
Mitigation Recommendations
To mitigate CVE-2024-54191, European organizations should prioritize updating their Linux kernel to the patched versions that address the circular locking dependency in the Bluetooth ISO implementation. Kernel updates should be sourced from trusted vendors or official Linux distribution repositories to ensure authenticity and integrity. For systems where immediate patching is not feasible, administrators should consider disabling Bluetooth ISO channel support if it is not required, thereby reducing the attack surface. Monitoring kernel logs for circular locking warnings related to Bluetooth can help detect attempts to trigger the deadlock. Additionally, organizations should implement robust system monitoring and automated recovery mechanisms to detect and remediate kernel hangs promptly. For embedded or IoT devices, coordination with device manufacturers for firmware updates is critical. Finally, incorporating this vulnerability into vulnerability management and patching cycles will ensure timely remediation and reduce exposure.
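One way to do the log monitoring suggested above, as an added example that is not a tool from this page or from any distribution: a C scanner over kernel log lines (for instance the output of `dmesg` or `journalctl -k`) that recognises a lockdep circular-dependency report, checks whether any frame in it belongs to the bluetooth module, and extracts the lock chain lockdep names. The first sample is an excerpt of the report on this page; the second, quiet sample and all function and struct names are constructed for the example.

```c
/*
 * Added example, not kernel or distribution tooling: detect a lockdep
 * "possible circular locking dependency" report in kernel log lines and
 * summarise it (Bluetooth involvement, lock chain) for alerting.
 */
#include <stdio.h>
#include <string.h>

struct lockdep_hit {
    int found;        /* a circular-dependency report was seen */
    int bluetooth;    /* at least one frame in it belongs to [bluetooth] */
    char chain[128];  /* text following "Chain exists of:" */
};

/* Skip the "[ 561.670344] " timestamp that dmesg / journalctl -k prefix. */
static const char *strip_timestamp(const char *line)
{
    const char *close = (*line == '[') ? strchr(line, ']') : NULL;
    if (!close)
        return line;
    for (line = close + 1; *line == ' '; line++)
        ;
    return line;
}

struct lockdep_hit scan_lockdep(const char *const *lines, int n)
{
    struct lockdep_hit hit = {0, 0, ""};
    int in_report = 0, want_chain = 0;

    for (int i = 0; i < n; i++) {
        const char *l = strip_timestamp(lines[i]);
        if (strstr(l, "WARNING: possible circular locking dependency detected")) {
            in_report = 1;
            hit.found = 1;
            continue;
        }
        if (!in_report)
            continue;
        if (strstr(l, "[bluetooth]"))
            hit.bluetooth = 1;
        if (want_chain && *l) {          /* chain printed on the line after the header */
            snprintf(hit.chain, sizeof hit.chain, "%s", l);
            want_chain = 0;
        }
        const char *c = strstr(l, "Chain exists of:");
        if (c) {
            for (c += strlen("Chain exists of:"); *c == ' '; c++)
                ;
            if (*c)
                snprintf(hit.chain, sizeof hit.chain, "%s", c);
            else
                want_chain = 1;          /* kernel puts the chain on the next line */
        }
        if (strstr(l, "*** DEADLOCK ***"))
            in_report = 0;               /* end of this report */
    }
    return hit;
}

/* Bit flags for easy checking: 1 = report found, 2 = bluetooth frame present,
 * 4 = extracted chain equals 'expect' (only when expect is non-NULL). */
int scan_flags(const char *const *lines, int n, const char *expect)
{
    struct lockdep_hit h = scan_lockdep(lines, n);
    return (h.found ? 1 : 0) | (h.bluetooth ? 2 : 0)
         | ((expect && strcmp(h.chain, expect) == 0) ? 4 : 0);
}

/* Excerpt of the lockdep report quoted in this CVE record. */
const char *const sample_log[] = {
    "[ 561.670344] ======================================================",
    "[ 561.670346] WARNING: possible circular locking dependency detected",
    "[ 561.670349] 6.12.0-rc6+ #26 Not tainted",
    "[ 561.670353] iso-tester/3289 is trying to acquire lock:",
    "[ 561.670355] ffff88811f600078 (&hdev->lock){+.+.}-{3:3}, at: iso_conn_big_sync+0x73/0x260 [bluetooth]",
    "[ 561.670407] ffff88815af58258 (sk_lock-AF_BLUETOOTH){+.+.}-{0:0}, at: iso_sock_recvmsg+0xbf/0x500 [bluetooth]",
    "[ 561.670745] Chain exists of: &hdev->lock --> sk_lock-AF_BLUETOOTH-BTPROTO_ISO --> sk_lock-AF_BLUETOOTH",
    "[ 561.670767] *** DEADLOCK ***",
};
const int sample_log_n = (int)(sizeof sample_log / sizeof sample_log[0]);

/* Constructed lines from a quiet system, with no lockdep report at all. */
const char *const quiet_log[] = {
    "[   12.001000] Bluetooth: Core ver 2.22",
    "[   12.002000] Bluetooth: HCI device and connection manager initialized",
};
const int quiet_log_n = (int)(sizeof quiet_log / sizeof quiet_log[0]);

int main(void)
{
    struct lockdep_hit h = scan_lockdep(sample_log, sample_log_n);
    printf("found=%d bluetooth=%d chain=\"%s\"\n", h.found, h.bluetooth, h.chain);
    return 0;
}
```

Fed the page's report, the scanner returns found=1, bluetooth=1 and the chain `&hdev->lock --> sk_lock-AF_BLUETOOTH-BTPROTO_ISO --> sk_lock-AF_BLUETOOTH`; fed the quiet sample it returns nothing. Note that lockdep reports require a kernel built with CONFIG_PROVE_LOCKING, and that lockdep prints only the first warning after boot, so a single hit is already the signal to schedule the kernel update rather than wait for repeats.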
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Italy, Spain
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2025-01-09T09:49:29.716Z
- Cisa Enriched: false
- Cvss Version: null
- State: PUBLISHED
Threat ID: 682d9820c4522896dcbdd0b1
Added to database: 5/21/2025, 9:08:48 AM
Last enriched: 6/27/2025, 10:39:32 PM
Last updated: 7/31/2025, 6:34:03 PM
Related Threats
- CVE-2025-9091: Hard-coded Credentials in Tenda AC20 (Low)
- CVE-2025-9090: Command Injection in Tenda AC20 (Medium)
- CVE-2025-9092: CWE-400 Uncontrolled Resource Consumption in Legion of the Bouncy Castle Inc. Bouncy Castle for Java - BC-FJA 2.1.0 (Low)
- CVE-2025-9089: Stack-based Buffer Overflow in Tenda AC20 (High)
- CVE-2025-9088: Stack-based Buffer Overflow in Tenda AC20 (High)