CVE-2024-56654

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.6.74

Description The issue concerns the use of rcu read (un)lock during iteration in the Linux kernel's Bluetooth hci event handling. This usage is not safe because entries fetched using list for each entry rcu should be treated as rcu dereference. The value returned by rcu dereference() is only valid within the enclosing RCU read-side critical section. For example, accessing p->address or p->data after rcu read unlock() is considered a bug.

Recommendations To resolve the issue, update to Linux kernel version 6.6.74 or later. As a temporary workaround, consider avoiding the use of rcu read (un)lock while iterating over list for each entry rcu to minimize the risk of exploitation. Restrict access to the vulnerable hci event handling to minimize the risk of exploitation until the issue is resolved.