CVE-2024-49951

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.6.58

Description: A vulnerability in the Linux kernel's Bluetooth management (MGMT) component could lead to crashes when mgmt index removed is called while commands are queued on cmd sync. This issue is related to the handling of mgmt index removed, which attempts to dequeue commands passed as user data to cmd sync. The crash can occur due to the removal of pending commands, as seen in the stack trace involving list del entry valid or report, mgmt pending remove, mgmt remove adv monitor complete, and hci cmd sync work.

Recommendations: For Linux kernel versions prior to 6.6.58, update to version 6.6.58 or later to resolve the issue. As a temporary workaround, consider disabling Bluetooth functionality until the update is applied. Restrict access to the cmd sync and mgmt index removed functions to minimize the risk of exploitation. Avoid using the user data parameter in the affected Bluetooth management component until the issue is resolved.