PT-2024-21558 · Linux+8 · Linux Kernel+8

Luiz Augusto Von Dentz

·

Published

2024-03-06

·

Updated

2026-03-14

·

CVE-2024-26886

CVSS v3.1

6.5

Medium

VectorAV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.7.6
Description The issue is related to a deadlock in the Bluetooth module of the Linux kernel. Attempting to do a sock lock on .recvmsg may cause a deadlock. To avoid this, the kernel now uses sk receive queue.lock on bt sock ioctl instead of sock sock. This change prevents a potential Use-After-Free (UAF) condition. The problem was identified when a task was blocked for more than 30 seconds, indicating a deadlock. The call trace shows the sequence of events leading to the deadlock, involving functions such as schedule, schedule, lock sock, and l2cap sock recv cb.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-833CWE-416

Related Identifiers

ALSA-2024:6567
ALSA-2025_16880
AZL-58893
BDU:2025-04404
CVE-2024-26886
INFSA-2024_6567
OPENSUSE-SU-2025_0201-1
OPENSUSE-SU-2025_0229-1
RHSA-2024:6567
RHSA-2024:6744
RHSA-2024:6745
RHSA-2024_6567
RLSA-2024:6567
RXSA-2024:6567
SUSE-SU-2024:4367-1
SUSE-SU-2025:0035-1
SUSE-SU-2025:0201-1
SUSE-SU-2025:0201-2
SUSE-SU-2025:0229-1
SUSE-SU-2025_0201-1
SUSE-SU-2025_0201-2
USN-6816-1
USN-6817-1
USN-6817-2
USN-6817-3
USN-6878-1
USN-6923-1
USN-6923-2
USN-6926-1
USN-6926-2
USN-6926-3
USN-6927-1
USN-6938-1
USN-6951-1
USN-6951-2
USN-6951-3
USN-6951-4
USN-6953-1
USN-6956-1
USN-6957-1
USN-6979-1
USN-7019-1

Affected Products

Almalinux
Astra Linux
Debian
Linuxmint
Linux Kernel
Red Hat
Rocky Linux
Suse
Ubuntu