CVE-2024-54460: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: iso: Fix circular lock in iso_listen_bis

This fixes the circular locking dependency warning below, by releasing the socket lock before entering iso_listen_bis, to avoid any potential deadlock with hdev lock.

[ 75.307983] ======================================================
[ 75.307984] WARNING: possible circular locking dependency detected
[ 75.307985] 6.12.0-rc6+ #22 Not tainted
[ 75.307987] ------------------------------------------------------
[ 75.307987] kworker/u81:2/2623 is trying to acquire lock:
[ 75.307988] ffff8fde1769da58 (sk_lock-AF_BLUETOOTH-BTPROTO_ISO) at: iso_connect_cfm+0x253/0x840 [bluetooth]
[ 75.308021] but task is already holding lock:
[ 75.308022] ffff8fdd61a10078 (&hdev->lock) at: hci_le_per_adv_report_evt+0x47/0x2f0 [bluetooth]
[ 75.308053] which lock already depends on the new lock.
[ 75.308054] the existing dependency chain (in reverse order) is:
[ 75.308055] -> #1 (&hdev->lock){+.+.}-{3:3}:
[ 75.308057]        __mutex_lock+0xad/0xc50
[ 75.308061]        mutex_lock_nested+0x1b/0x30
[ 75.308063]        iso_sock_listen+0x143/0x5c0 [bluetooth]
[ 75.308085]        __sys_listen_socket+0x49/0x60
[ 75.308088]        __x64_sys_listen+0x4c/0x90
[ 75.308090]        x64_sys_call+0x2517/0x25f0
[ 75.308092]        do_syscall_64+0x87/0x150
[ 75.308095]        entry_SYSCALL_64_after_hwframe+0x76/0x7e
[ 75.308098] -> #0 (sk_lock-AF_BLUETOOTH-BTPROTO_ISO){+.+.}-{0:0}:
[ 75.308100]        __lock_acquire+0x155e/0x25f0
[ 75.308103]        lock_acquire+0xc9/0x300
[ 75.308105]        lock_sock_nested+0x32/0x90
[ 75.308107]        iso_connect_cfm+0x253/0x840 [bluetooth]
[ 75.308128]        hci_connect_cfm+0x6c/0x190 [bluetooth]
[ 75.308155]        hci_le_per_adv_report_evt+0x27b/0x2f0 [bluetooth]
[ 75.308180]        hci_le_meta_evt+0xe7/0x200 [bluetooth]
[ 75.308206]        hci_event_packet+0x21f/0x5c0 [bluetooth]
[ 75.308230]        hci_rx_work+0x3ae/0xb10 [bluetooth]
[ 75.308254]        process_one_work+0x212/0x740
[ 75.308256]        worker_thread+0x1bd/0x3a0
[ 75.308258]        kthread+0xe4/0x120
[ 75.308259]        ret_from_fork+0x44/0x70
[ 75.308261]        ret_from_fork_asm+0x1a/0x30
[ 75.308263] other info that might help us debug this:
[ 75.308264] Possible unsafe locking scenario:
[ 75.308264]        CPU0                    CPU1
[ 75.308265]        ----                    ----
[ 75.308265]   lock(&hdev->lock);
[ 75.308267]                                lock(sk_lock-AF_BLUETOOTH-BTPROTO_ISO);
[ 75.308268]                                lock(&hdev->lock);
[ 75.308269]   lock(sk_lock-AF_BLUETOOTH-BTPROTO_ISO);
[ 75.308270]  *** DEADLOCK ***
[ 75.308271] 4 locks held by kworker/u81:2/2623:
[ 75.308272]  #0: ffff8fdd66e52148 ((wq_completion)hci0#2){+.+.}-{0:0}, at: process_one_work+0x443/0x740
[ 75.308276]  #1: ffffafb488b7fe48 ((work_completion)(&hdev->rx_work)), at: process_one_work+0x1ce/0x740
[ 75.308280]  #2: ffff8fdd61a10078 (&hdev->lock){+.+.}-{3:3} at: hci_le_per_adv_report_evt+0x47/0x2f0 [bluetooth]
[ 75.308304]  #3: ffffffffb6ba4900 (rcu_read_lock){....}-{1:2}, at: hci_connect_cfm+0x29/0x190 [bluetooth]
AI Analysis
Technical Summary
CVE-2024-54460 is a concurrency bug in the Linux kernel's Bluetooth subsystem, in the ISO (Isochronous Channels) protocol implementation. It is a circular locking dependency between two kernel locks: the socket lock (sk_lock) of AF_BLUETOOTH-BTPROTO_ISO sockets and the hdev lock that protects the Bluetooth device structure. If two CPU cores take these locks in opposite orders, each can end up waiting for the lock the other holds, and the affected tasks hang or stall.

The problem is rooted in iso_listen_bis on the listen path, which ran with the socket lock held while it acquired the hdev lock. The HCI event path in the report (hci_le_per_adv_report_evt calling into iso_connect_cfm) takes the same two locks the other way round: hdev lock first, socket lock second. The fix releases the socket lock before entering iso_listen_bis, which breaks the circular dependency. The kernel log in the description is the lockdep warning for this case; it shows both acquisition orders and the possible deadlock scenario.

No direct exploit has been reported. The deadlock can cause denial of service (DoS) by freezing Bluetooth operations, and may affect system stability if Bluetooth is heavily used. The vulnerability affects specific Linux kernel versions identified by commit hashes, indicating it is present in recent development or release candidate kernels prior to the fix. Because Bluetooth is widely used on Linux-based systems, including desktops, laptops, embedded devices, and IoT, the bug has broad relevance. Triggering it requires concurrent Bluetooth activity and specific timing, so it is hard to hit but impactful when it occurs.
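The lock-order inversion described above can be reproduced on paper with a small lock-order validator in the spirit of lockdep. This is an added example, not kernel code or code from the original page; the three step sequences are simplified, constructed models of the listen and HCI event paths, and the class and function names are hypothetical.

```python
from collections import defaultdict

SK = "sk_lock-AF_BLUETOOTH-BTPROTO_ISO"
HDEV = "&hdev->lock"

class LockOrderGraph:
    """Records 'A held while taking B' edges and reports order inversions."""
    def __init__(self):
        self.edges = defaultdict(set)   # held lock -> locks taken under it

    def _reaches(self, src, dst, seen=None):
        if seen is None:
            seen = set()
        if src == dst:
            return True
        seen.add(src)
        return any(self._reaches(n, dst, seen)
                   for n in self.edges.get(src, ()) if n not in seen)

    def run(self, path):
        """Replay ('lock' | 'unlock', name) steps; return inversions found."""
        held, found = [], []
        for op, name in path:
            if op == "unlock":
                held.remove(name)
                continue
            for h in held:
                # Taking `name` under `h` adds the edge h -> name. If `name`
                # already leads back to `h`, the new edge closes a cycle.
                if self._reaches(name, h):
                    found.append((h, name))
                self.edges[h].add(name)
            held.append(name)
        return found

# Constructed, simplified models of the call paths in the lockdep report.
LISTEN_BEFORE_FIX = [("lock", SK), ("lock", HDEV), ("unlock", HDEV), ("unlock", SK)]
LISTEN_AFTER_FIX = [("lock", SK), ("unlock", SK), ("lock", HDEV), ("unlock", HDEV)]
EVENT_PATH = [("lock", HDEV), ("lock", SK), ("unlock", SK), ("unlock", HDEV)]

def check(listen_path):
    """Replay the listen path, then the event path, on one shared graph."""
    graph = LockOrderGraph()
    return graph.run(listen_path) + graph.run(EVENT_PATH)

if __name__ == "__main__":
    print("before fix:", check(LISTEN_BEFORE_FIX))
    print("after fix: ", check(LISTEN_AFTER_FIX))
```

The inversion is reported as (lock held, lock being taken), which matches the report's "already holding &hdev->lock, trying to acquire sk_lock" wording.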
Potential Impact
For European organizations, the primary impact of CVE-2024-54460 is the risk of denial of service on Linux systems utilizing Bluetooth ISO channels. This could affect a wide range of devices from enterprise laptops and desktops to embedded systems and IoT devices running Linux kernels with the vulnerable versions. Organizations relying on Bluetooth for critical operations—such as healthcare devices, industrial control systems, or secure access mechanisms—may experience service interruptions or degraded performance. The deadlock could also complicate incident response and system availability, especially in environments with high Bluetooth usage or automated Bluetooth workflows. While the vulnerability does not appear to allow privilege escalation or data leakage directly, the resulting system hangs could disrupt business continuity and operational technology. Given the widespread use of Linux in European public sector, manufacturing, and technology sectors, the impact could be significant if unpatched systems are present. Additionally, the complexity of the bug means that detection and troubleshooting may require advanced kernel debugging skills, potentially increasing remediation time and costs.
Mitigation Recommendations
To mitigate CVE-2024-54460, European organizations should:
1) Prioritize updating Linux kernels to versions that include the fix for this vulnerability, ensuring that the Bluetooth subsystem's iso_listen_bis function no longer holds the socket lock during critical operations.
2) For systems where immediate kernel updates are not feasible, consider disabling Bluetooth ISO channels if they are not essential, or disable Bluetooth entirely to eliminate exposure.
3) Implement monitoring for kernel warnings related to circular locking dependencies or deadlocks in Bluetooth components, enabling early detection of potential issues.
4) Conduct thorough testing of Bluetooth functionality post-patching to confirm that deadlocks no longer occur under typical workloads.
5) For embedded or IoT devices with limited update capabilities, coordinate with vendors to obtain patched firmware or kernel versions.
6) Educate system administrators and security teams about this concurrency issue to improve incident response and troubleshooting efficiency.
7) Employ system-level watchdogs or automated recovery mechanisms to reboot or reset Bluetooth subsystems if deadlocks are detected, minimizing downtime.
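For recommendation 3, one way to turn kernel log lines into an alert is to parse lockdep's circular-dependency reports and keep those that involve the bluetooth module. This is an added example, not part of the original page; it assumes dmesg-style lines, the function names are hypothetical, and SAMPLE is an excerpt constructed from the report above.

```python
import re

TS = re.compile(r"^\[\s*\d+\.\d+\]\s*")                        # dmesg timestamp
LOCK = re.compile(r"\((?P<cls>.+?)\)\S* at: (?P<fn>[^\s+]+)")  # lock class, function
MOD = re.compile(r"\[(\w+)\]$")                                # trailing [module]

def parse_lockdep(lines):
    """Return one dict per 'possible circular locking dependency' report."""
    reports, cur, want = [], None, None
    for raw in lines:
        msg = TS.sub("", raw.strip())
        if "possible circular locking dependency detected" in msg:
            cur = {"acquiring": None, "holding": None, "modules": set()}
            reports.append(cur)
            want = None
        elif cur is None:
            continue                       # not inside a report
        elif "*** DEADLOCK ***" in msg:
            cur = None                     # end of the scenario section
        elif msg.endswith("is trying to acquire lock:"):
            want = "acquiring"             # next lock line names this lock
        elif msg.endswith("but task is already holding lock:"):
            want = "holding"
        else:
            m = LOCK.search(msg)
            if want and m:
                cur[want] = (m["cls"], m["fn"])
                want = None
            cur["modules"].update(MOD.findall(msg))
    return reports

def bluetooth_alerts(lines):
    """Keep only reports whose locks or frames come from the bluetooth module."""
    return [r for r in parse_lockdep(lines) if "bluetooth" in r["modules"]]

# Constructed excerpt of the lockdep report quoted in the description.
SAMPLE = """\
[ 75.307984] WARNING: possible circular locking dependency detected
[ 75.307987] kworker/u81:2/2623 is trying to acquire lock:
[ 75.307988] ffff8fde1769da58 (sk_lock-AF_BLUETOOTH-BTPROTO_ISO) at: iso_connect_cfm+0x253/0x840 [bluetooth]
[ 75.308021] but task is already holding lock:
[ 75.308022] ffff8fdd61a10078 (&hdev->lock) at: hci_le_per_adv_report_evt+0x47/0x2f0 [bluetooth]
[ 75.308063] iso_sock_listen+0x143/0x5c0 [bluetooth]
[ 75.308270] *** DEADLOCK ***
""".splitlines()

if __name__ == "__main__":
    for report in bluetooth_alerts(SAMPLE):
        print(report)
```

Lockdep reports only appear on kernels built with lock debugging enabled, so this check belongs on test and pre-production kernels rather than on production fleets.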
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Italy, Spain, Poland
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2025-01-09T09:51:32.434Z
- Cisa Enriched: false
- Cvss Version: null
- State: PUBLISHED
Threat ID: 682d9820c4522896dcbdd0b9
Added to database: 5/21/2025, 9:08:48 AM
Last enriched: 6/27/2025, 10:39:45 PM
Last updated: 7/31/2025, 3:23:58 AM