PT-2024-33885 · Linux+8 · Linux Kernel+8
Published
2024-10-21
·
Updated
2025-10-03
·
CVE-2024-50044
CVSS v2.0
4.6
Medium
| Vector | AV:L/AC:L/Au:S/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions:
Linux kernel versions prior to 6.6.58
Description:
A possible deadlock in the rfcomm sk state change function has been resolved. The function attempts to use sock lock, which must never be called with it locked, but rfcomm sock ioctl always attempts to lock it, causing a circular locking dependency. This issue is related to the Bluetooth RFCOMM protocol.
Recommendations:
For Linux kernel versions prior to 6.6.58, update to version 6.6.58 or later to resolve the issue. As a temporary workaround, consider disabling the
rfcomm sk state change function until a patch is available. Restrict access to the rfcomm sock ioctl function to minimize the risk of exploitation. Avoid using the sock lock variable in the affected API endpoint until the issue is resolved.Exploit
Fix
Improper Locking
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Astra Linux
Debian
Linuxmint
Linux Kernel
Red Hat
Red Os
Suse
Ubuntu