PT-2024-35654 · Linux+3 · Linux Kernel+3

Kiran K +1 · Published 2024-12-27 · Updated 2026-04-20 · CVE-2024-53207

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 6.8.0-2024-03-19-intel-next-iLS-24ww14

Description

The issue is related to possible deadlocks in the Bluetooth management (MGMT) component of the Linux kernel, caused by the hci_cmd_sync_dequeue function. This can lead to a task being blocked for more than 120 seconds. The problem is associated with the mgmt_set_connectable_complete function and the hci_cmd_sync_work workqueue.

Recommendations

To resolve the issue, update the Linux kernel to a version that includes the fix for the deadlock issue. As a temporary workaround, consider disabling the Bluetooth functionality until a patch is available. Restrict access to the Bluetooth management interface to minimize the risk of exploitation.

Exploit

Fix

Improper Locking

Weakness Enumeration

Related Identifiers

ALSA-2025_12746
ALSA-2025_12752
ALSA-2025_12753
ALSA-2025_16880
ALT-PU-2024-17893
ALT-PU-2025-12647
AZL-55162
BDU:2025-04313
CVE-2024-53207
DLA-4076-1
OESA-2025-1093
OESA-2025-1097
OPENSUSE-SU-2025_0117-1
OPENSUSE-SU-2025_0153-1
OPENSUSE-SU-2025_0154-1
SUSE-SU-2025:0117-1
SUSE-SU-2025:0153-1
SUSE-SU-2025:0154-1
SUSE-SU-2025:0289-1
SUSE-SU-2025:20165-1
SUSE-SU-2025:20166-1
SUSE-SU-2025:20248-1
SUSE-SU-2025:20249-1

Affected Products

Alt Linux
Linux Kernel
Red Os
Suse