CVE-2024-57894

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.6.74

Description The issue is related to a sleeping function being called from an invalid context in the Linux kernel's Bluetooth component, specifically in the hci core module. This problem arises due to the misuse of the mutex hci cb list lock, leading to potential bugs and system instability. The error is identified at kernel/locking/mutex.c:585. Technical details include the function hci le create big complete evt and the involvement of rcu read lock.

Recommendations To resolve the issue, update the Linux kernel to version 6.6.74 or later. As a temporary workaround, consider disabling the Bluetooth functionality until a patch is available. Restrict access to the vulnerable hci core module to minimize the risk of exploitation. Avoid using the hci le create big complete evt function and related rcu read lock until the issue is resolved.

Note: The provided information does not specify the exact versions affected, but it mentions that version 6.6.74 fixes the bugs and vulnerabilities. Therefore, it is recommended to update to this version or later.