{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2024-54191", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-01-09T09:49:29.716Z", "datePublished": "2025-01-11T12:29:52.753Z", "dateUpdated": "2026-05-11T20:53:44.492Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-11T20:53:44.492Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: iso: Fix circular lock in iso_conn_big_sync\n\nThis fixes the circular locking dependency warning below, by reworking\niso_sock_recvmsg, to ensure that the socket lock is always released\nbefore calling a function that locks hdev.\n\n[ 561.670344] ======================================================\n[ 561.670346] WARNING: possible circular locking dependency detected\n[ 561.670349] 6.12.0-rc6+ #26 Not tainted\n[ 561.670351] ------------------------------------------------------\n[ 561.670353] iso-tester/3289 is trying to acquire lock:\n[ 561.670355] ffff88811f600078 (&hdev->lock){+.+.}-{3:3},\n at: iso_conn_big_sync+0x73/0x260 [bluetooth]\n[ 561.670405]\n but task is already holding lock:\n[ 561.670407] ffff88815af58258 (sk_lock-AF_BLUETOOTH){+.+.}-{0:0},\n at: iso_sock_recvmsg+0xbf/0x500 [bluetooth]\n[ 561.670450]\n which lock already depends on the new lock.\n\n[ 561.670452]\n the existing dependency chain (in reverse order) is:\n[ 561.670453]\n -> #2 (sk_lock-AF_BLUETOOTH){+.+.}-{0:0}:\n[ 561.670458] lock_acquire+0x7c/0xc0\n[ 561.670463] lock_sock_nested+0x3b/0xf0\n[ 561.670467] bt_accept_dequeue+0x1a5/0x4d0 [bluetooth]\n[ 561.670510] iso_sock_accept+0x271/0x830 [bluetooth]\n[ 561.670547] do_accept+0x3dd/0x610\n[ 561.670550] __sys_accept4+0xd8/0x170\n[ 561.670553] __x64_sys_accept+0x74/0xc0\n[ 561.670556] x64_sys_call+0x17d6/0x25f0\n[ 561.670559] do_syscall_64+0x87/0x150\n[ 561.670563] entry_SYSCALL_64_after_hwframe+0x76/0x7e\n[ 561.670567]\n -> #1 (sk_lock-AF_BLUETOOTH-BTPROTO_ISO){+.+.}-{0:0}:\n[ 561.670571] lock_acquire+0x7c/0xc0\n[ 561.670574] lock_sock_nested+0x3b/0xf0\n[ 561.670577] iso_sock_listen+0x2de/0xf30 [bluetooth]\n[ 561.670617] __sys_listen_socket+0xef/0x130\n[ 561.670620] __x64_sys_listen+0xe1/0x190\n[ 561.670623] x64_sys_call+0x2517/0x25f0\n[ 561.670626] do_syscall_64+0x87/0x150\n[ 561.670629] entry_SYSCALL_64_after_hwframe+0x76/0x7e\n[ 561.670632]\n -> #0 (&hdev->lock){+.+.}-{3:3}:\n[ 561.670636] __lock_acquire+0x32ad/0x6ab0\n[ 561.670639] lock_acquire.part.0+0x118/0x360\n[ 561.670642] lock_acquire+0x7c/0xc0\n[ 561.670644] __mutex_lock+0x18d/0x12f0\n[ 561.670647] mutex_lock_nested+0x1b/0x30\n[ 561.670651] iso_conn_big_sync+0x73/0x260 [bluetooth]\n[ 561.670687] iso_sock_recvmsg+0x3e9/0x500 [bluetooth]\n[ 561.670722] sock_recvmsg+0x1d5/0x240\n[ 561.670725] sock_read_iter+0x27d/0x470\n[ 561.670727] vfs_read+0x9a0/0xd30\n[ 561.670731] ksys_read+0x1a8/0x250\n[ 561.670733] __x64_sys_read+0x72/0xc0\n[ 561.670736] x64_sys_call+0x1b12/0x25f0\n[ 561.670738] do_syscall_64+0x87/0x150\n[ 561.670741] entry_SYSCALL_64_after_hwframe+0x76/0x7e\n[ 561.670744]\n other info that might help us debug this:\n\n[ 561.670745] Chain exists of:\n&hdev->lock --> sk_lock-AF_BLUETOOTH-BTPROTO_ISO --> sk_lock-AF_BLUETOOTH\n\n[ 561.670751] Possible unsafe locking scenario:\n\n[ 561.670753] CPU0 CPU1\n[ 561.670754] ---- ----\n[ 561.670756] lock(sk_lock-AF_BLUETOOTH);\n[ 561.670758] lock(sk_lock\n AF_BLUETOOTH-BTPROTO_ISO);\n[ 561.670761] lock(sk_lock-AF_BLUETOOTH);\n[ 561.670764] lock(&hdev->lock);\n[ 561.670767]\n *** DEADLOCK ***"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/bluetooth/iso.c"], "versions": [{"version": "1360e5b6ce63d63d23223a659ca2bbafa30a53aa", "lessThan": "cbe640d6cae590b9a7d81ce86fe9a90e83eec1d5", "status": "affected", "versionType": "git"}, {"version": "07a9342b94a91b306ed1cf6aa8254aea210764c9", "lessThan": "7a17308c17880d259105f6e591eb1bc77b9612f0", "status": "affected", "versionType": "git"}, {"version": "bfec1e55314896bf4a4cfdb3a9ad4872be9f06ed", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/bluetooth/iso.c"], "versions": [{"version": "6.12.2", "lessThan": "6.12.6", "status": "affected", "versionType": "semver"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.12.2", "versionEndExcluding": "6.12.6"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.11.11"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/cbe640d6cae590b9a7d81ce86fe9a90e83eec1d5"}, {"url": "https://git.kernel.org/stable/c/7a17308c17880d259105f6e591eb1bc77b9612f0"}], "title": "Bluetooth: iso: Fix circular lock in iso_conn_big_sync", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-54191", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-10-01T19:55:33.815501Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-667", "description": "CWE-667 Improper Locking"}]}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-01T19:57:21.849Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-54191", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-01-09T09:49:29.716Z", "datePublished": "2025-01-11T12:29:52.753Z", "dateUpdated": "2025-05-04T13:00:48.976Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T13:00:48.976Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: iso: Fix circular lock in iso_conn_big_sync\n\nThis fixes the circular locking dependency warning below, by reworking\niso_sock_recvmsg, to ensure that the socket lock is always released\nbefore calling a function that locks hdev.\n\n[ 561.670344] ======================================================\n[ 561.670346] WARNING: possible circular locking dependency detected\n[ 561.670349] 6.12.0-rc6+ #26 Not tainted\n[ 561.670351] ------------------------------------------------------\n[ 561.670353] iso-tester/3289 is trying to acquire lock:\n[ 561.670355] ffff88811f600078 (&hdev->lock){+.+.}-{3:3},\n at: iso_conn_big_sync+0x73/0x260 [bluetooth]\n[ 561.670405]\n but task is already holding lock:\n[ 561.670407] ffff88815af58258 (sk_lock-AF_BLUETOOTH){+.+.}-{0:0},\n at: iso_sock_recvmsg+0xbf/0x500 [bluetooth]\n[ 561.670450]\n which lock already depends on the new lock.\n\n[ 561.670452]\n the existing dependency chain (in reverse order) is:\n[ 561.670453]\n -> #2 (sk_lock-AF_BLUETOOTH){+.+.}-{0:0}:\n[ 561.670458] lock_acquire+0x7c/0xc0\n[ 561.670463] lock_sock_nested+0x3b/0xf0\n[ 561.670467] bt_accept_dequeue+0x1a5/0x4d0 [bluetooth]\n[ 561.670510] iso_sock_accept+0x271/0x830 [bluetooth]\n[ 561.670547] do_accept+0x3dd/0x610\n[ 561.670550] __sys_accept4+0xd8/0x170\n[ 561.670553] __x64_sys_accept+0x74/0xc0\n[ 561.670556] x64_sys_call+0x17d6/0x25f0\n[ 561.670559] do_syscall_64+0x87/0x150\n[ 561.670563] entry_SYSCALL_64_after_hwframe+0x76/0x7e\n[ 561.670567]\n -> #1 (sk_lock-AF_BLUETOOTH-BTPROTO_ISO){+.+.}-{0:0}:\n[ 561.670571] lock_acquire+0x7c/0xc0\n[ 561.670574] lock_sock_nested+0x3b/0xf0\n[ 561.670577] iso_sock_listen+0x2de/0xf30 [bluetooth]\n[ 561.670617] __sys_listen_socket+0xef/0x130\n[ 561.670620] __x64_sys_listen+0xe1/0x190\n[ 561.670623] x64_sys_call+0x2517/0x25f0\n[ 561.670626] do_syscall_64+0x87/0x150\n[ 561.670629] entry_SYSCALL_64_after_hwframe+0x76/0x7e\n[ 561.670632]\n -> #0 (&hdev->lock){+.+.}-{3:3}:\n[ 561.670636] __lock_acquire+0x32ad/0x6ab0\n[ 561.670639] lock_acquire.part.0+0x118/0x360\n[ 561.670642] lock_acquire+0x7c/0xc0\n[ 561.670644] __mutex_lock+0x18d/0x12f0\n[ 561.670647] mutex_lock_nested+0x1b/0x30\n[ 561.670651] iso_conn_big_sync+0x73/0x260 [bluetooth]\n[ 561.670687] iso_sock_recvmsg+0x3e9/0x500 [bluetooth]\n[ 561.670722] sock_recvmsg+0x1d5/0x240\n[ 561.670725] sock_read_iter+0x27d/0x470\n[ 561.670727] vfs_read+0x9a0/0xd30\n[ 561.670731] ksys_read+0x1a8/0x250\n[ 561.670733] __x64_sys_read+0x72/0xc0\n[ 561.670736] x64_sys_call+0x1b12/0x25f0\n[ 561.670738] do_syscall_64+0x87/0x150\n[ 561.670741] entry_SYSCALL_64_after_hwframe+0x76/0x7e\n[ 561.670744]\n other info that might help us debug this:\n\n[ 561.670745] Chain exists of:\n&hdev->lock --> sk_lock-AF_BLUETOOTH-BTPROTO_ISO --> sk_lock-AF_BLUETOOTH\n\n[ 561.670751] Possible unsafe locking scenario:\n\n[ 561.670753] CPU0 CPU1\n[ 561.670754] ---- ----\n[ 561.670756] lock(sk_lock-AF_BLUETOOTH);\n[ 561.670758] lock(sk_lock\n AF_BLUETOOTH-BTPROTO_ISO);\n[ 561.670761] lock(sk_lock-AF_BLUETOOTH);\n[ 561.670764] lock(&hdev->lock);\n[ 561.670767]\n *** DEADLOCK ***"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/bluetooth/iso.c"], "versions": [{"version": "1360e5b6ce63d63d23223a659ca2bbafa30a53aa", "lessThan": "cbe640d6cae590b9a7d81ce86fe9a90e83eec1d5", "status": "affected", "versionType": "git"}, {"version": "07a9342b94a91b306ed1cf6aa8254aea210764c9", "lessThan": "7a17308c17880d259105f6e591eb1bc77b9612f0", "status": "affected", "versionType": "git"}, {"version": "bfec1e55314896bf4a4cfdb3a9ad4872be9f06ed", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/bluetooth/iso.c"], "versions": [{"version": "6.12.2", "lessThan": "6.12.6", "status": "affected", "versionType": "semver"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.12.2", "versionEndExcluding": "6.12.6"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.11.11"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/cbe640d6cae590b9a7d81ce86fe9a90e83eec1d5"}, {"url": "https://git.kernel.org/stable/c/7a17308c17880d259105f6e591eb1bc77b9612f0"}], "title": "Bluetooth: iso: Fix circular lock in iso_conn_big_sync", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-54191", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-10-01T19:55:33.815501Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-667", "description": "CWE-667 Improper Locking"}]}], "providerMetadata": {"shortName": "CISA-ADP", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "dateUpdated": "2025-10-01T15:52:55.619Z"}, "title": "CISA ADP Vulnrichment"}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "4CBF5F6E-D446-4CAE-AAA4-413442319824", "versionEndExcluding": "6.12", "versionStartIncluding": "6.11.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "56F9CCF9-9EA2-4DE9-BBC1-74C3D2046E55", "versionEndExcluding": "6.12.6", "versionStartIncluding": "6.12.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.13:rc1:*:*:*:*:*:*", "matchCriteriaId": "62567B3C-6CEE-46D0-BC2E-B3717FBF7D13", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.13:rc2:*:*:*:*:*:*", "matchCriteriaId": "5A073481-106D-4B15-B4C7-FB0213B8E1D4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: iso: Fix circular lock in iso_conn_big_sync\n\nThis fixes the circular locking dependency warning below, by reworking\niso_sock_recvmsg, to ensure that the socket lock is always released\nbefore calling a function that locks hdev.\n\n[ 561.670344] ======================================================\n[ 561.670346] WARNING: possible circular locking dependency detected\n[ 561.670349] 6.12.0-rc6+ #26 Not tainted\n[ 561.670351] ------------------------------------------------------\n[ 561.670353] iso-tester/3289 is trying to acquire lock:\n[ 561.670355] ffff88811f600078 (&hdev->lock){+.+.}-{3:3},\n at: iso_conn_big_sync+0x73/0x260 [bluetooth]\n[ 561.670405]\n but task is already holding lock:\n[ 561.670407] ffff88815af58258 (sk_lock-AF_BLUETOOTH){+.+.}-{0:0},\n at: iso_sock_recvmsg+0xbf/0x500 [bluetooth]\n[ 561.670450]\n which lock already depends on the new lock.\n\n[ 561.670452]\n the existing dependency chain (in reverse order) is:\n[ 561.670453]\n -> #2 (sk_lock-AF_BLUETOOTH){+.+.}-{0:0}:\n[ 561.670458] lock_acquire+0x7c/0xc0\n[ 561.670463] lock_sock_nested+0x3b/0xf0\n[ 561.670467] bt_accept_dequeue+0x1a5/0x4d0 [bluetooth]\n[ 561.670510] iso_sock_accept+0x271/0x830 [bluetooth]\n[ 561.670547] do_accept+0x3dd/0x610\n[ 561.670550] __sys_accept4+0xd8/0x170\n[ 561.670553] __x64_sys_accept+0x74/0xc0\n[ 561.670556] x64_sys_call+0x17d6/0x25f0\n[ 561.670559] do_syscall_64+0x87/0x150\n[ 561.670563] entry_SYSCALL_64_after_hwframe+0x76/0x7e\n[ 561.670567]\n -> #1 (sk_lock-AF_BLUETOOTH-BTPROTO_ISO){+.+.}-{0:0}:\n[ 561.670571] lock_acquire+0x7c/0xc0\n[ 561.670574] lock_sock_nested+0x3b/0xf0\n[ 561.670577] iso_sock_listen+0x2de/0xf30 [bluetooth]\n[ 561.670617] __sys_listen_socket+0xef/0x130\n[ 561.670620] __x64_sys_listen+0xe1/0x190\n[ 561.670623] x64_sys_call+0x2517/0x25f0\n[ 561.670626] do_syscall_64+0x87/0x150\n[ 561.670629] entry_SYSCALL_64_after_hwframe+0x76/0x7e\n[ 561.670632]\n -> #0 (&hdev->lock){+.+.}-{3:3}:\n[ 561.670636] __lock_acquire+0x32ad/0x6ab0\n[ 561.670639] lock_acquire.part.0+0x118/0x360\n[ 561.670642] lock_acquire+0x7c/0xc0\n[ 561.670644] __mutex_lock+0x18d/0x12f0\n[ 561.670647] mutex_lock_nested+0x1b/0x30\n[ 561.670651] iso_conn_big_sync+0x73/0x260 [bluetooth]\n[ 561.670687] iso_sock_recvmsg+0x3e9/0x500 [bluetooth]\n[ 561.670722] sock_recvmsg+0x1d5/0x240\n[ 561.670725] sock_read_iter+0x27d/0x470\n[ 561.670727] vfs_read+0x9a0/0xd30\n[ 561.670731] ksys_read+0x1a8/0x250\n[ 561.670733] __x64_sys_read+0x72/0xc0\n[ 561.670736] x64_sys_call+0x1b12/0x25f0\n[ 561.670738] do_syscall_64+0x87/0x150\n[ 561.670741] entry_SYSCALL_64_after_hwframe+0x76/0x7e\n[ 561.670744]\n other info that might help us debug this:\n\n[ 561.670745] Chain exists of:\n&hdev->lock --> sk_lock-AF_BLUETOOTH-BTPROTO_ISO --> sk_lock-AF_BLUETOOTH\n\n[ 561.670751] Possible unsafe locking scenario:\n\n[ 561.670753] CPU0 CPU1\n[ 561.670754] ---- ----\n[ 561.670756] lock(sk_lock-AF_BLUETOOTH);\n[ 561.670758] lock(sk_lock\n AF_BLUETOOTH-BTPROTO_ISO);\n[ 561.670761] lock(sk_lock-AF_BLUETOOTH);\n[ 561.670764] lock(&hdev->lock);\n[ 561.670767]\n *** DEADLOCK ***"}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: Bluetooth: iso: Corregir bloqueo circular en iso_conn_big_sync Esto corrige la advertencia de dependencia de bloqueo circular a continuaci\u00f3n, al reelaborar iso_sock_recvmsg, para garantizar que el bloqueo del socket siempre se libere antes de llamar a una funci\u00f3n que bloquea hdev. [ 561.670344] ========================================================= [ 561.670346] ADVERTENCIA: posible dependencia de bloqueo circular detectada [ 561.670349] 6.12.0-rc6+ #26 No contaminado [ 561.670351] ------------------------------------------------------ [ 561.670353] iso-tester/3289 est\u00e1 intentando adquirir bloqueo: [ 561.670355] ffff88811f600078 (&hdev->lock){+.+.}-{3:3}, en: iso_conn_big_sync+0x73/0x260 [bluetooth] [ 561.670405] pero la tarea ya tiene el bloqueo: [ 561.670407] ffff88815af58258 (sk_lock-AF_BLUETOOTH){+.+.}-{0:0}, en: iso_sock_recvmsg+0xbf/0x500 [bluetooth] [ 561.670450] cuyo bloqueo ya depende del nuevo bloqueo. [ 561.670452] la cadena de dependencia existente (en orden inverso) es: [ 561.670453] -> #2 (sk_lock-AF_BLUETOOTH){+.+.}-{0:0}: [ 561.670458] lock_acquire+0x7c/0xc0 [ 561.670463] lock_sock_nested+0x3b/0xf0 [ 561.670467] bt_accept_dequeue+0x1a5/0x4d0 [bluetooth] [ 561.670510] iso_sock_accept+0x271/0x830 [bluetooth] [ 561.670547] do_accept+0x3dd/0x610 [ 561.670550] __sys_accept4+0xd8/0x170 [ 561.670553] __x64_sys_accept+0x74/0xc0 [ 561.670556] x64_sys_call+0x17d6/0x25f0 [ 561.670559] hacer_syscall_64+0x87/0x150 [ 561.670563] entrada_SYSCALL_64_after_hwframe+0x76/0x7e [ 561.670567] -> #1 (sk_lock-AF_BLUETOOTH-BTPROTO_ISO){+.+.}-{0:0}: [ 561.670571] bloqueo_adquirir+0x7c/0xc0 [ 561.670574] lock_sock_nested+0x3b/0xf0 [ 561.670577] iso_sock_listen+0x2de/0xf30 [bluetooth] [ 561.670617] __sys_listen_socket+0xef/0x130 [ 561.670620] __x64_sys_listen+0xe1/0x190 [ 561.670623] x64_sys_call+0x2517/0x25f0 [ 561.670626] hacer_syscall_64+0x87/0x150 [ 561.670629] entrada_SYSCALL_64_despu\u00e9s_de_hwframe+0x76/0x7e [ 561.670632] -> #0 (&hdev->lock){+.+.}-{3:3}: [ 561.670636] __lock_acquire+0x32ad/0x6ab0 [ 561.670639] lock_acquire.part.0+0x118/0x360 [ 561.670642] lock_acquire+0x7c/0xc0 [ 561.670644] __mutex_lock+0x18d/0x12f0 [ 561.670647] mutex_lock_nested+0x1b/0x30 [ 561.670651] iso_conn_big_sync+0x73/0x260 [bluetooth] [ 561.670687] iso_sock_recvmsg+0x3e9/0x500 [bluetooth] [561.670722] sock_recvmsg+0x1d5/0x240 [561.670725] sock_read_iter+0x27d/0x470 [561.670727] vfs_read+0x9a0/0xd30 [561.670731] ksys_read+0x1a8/0x250 [561.670733] __x64_sys_read+0x72/0xc0 [561.670736] x64_sys_call+0x1b12/0x25f0 [561.670738] do_syscall_64+0x87/0x150 [ 561.670741] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 561.670744] otra informaci\u00f3n que podr\u00eda ayudarnos a depurar esto: [ 561.670745] La cadena existe de: &hdev->lock --> sk_lock-AF_BLUETOOTH-BTPROTO_ISO --> sk_lock-AF_BLUETOOTH [ 561.670751] Posible escenario de bloqueo inseguro: [ 561.670753] CPU0 CPU1 [ 561.670754] ---- ---- [ 561.670756] lock(sk_lock-AF_BLUETOOTH); [ 561.670758] bloqueo(sk_lock AF_BLUETOOTH-BTPROTO_ISO); [ 561.670761] bloqueo(sk_lock-AF_BLUETOOTH); [ 561.670764] bloqueo(&hdev->lock); [ 561.670767] *** BLOQUEO INTERMEDIO ***"}], "id": "CVE-2024-54191", "lastModified": "2025-10-01T20:17:23.747", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2025-01-11T13:15:26.667", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/7a17308c17880d259105f6e591eb1bc77b9612f0"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/cbe640d6cae590b9a7d81ce86fe9a90e83eec1d5"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-667"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-667"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"bugzilla": {"description": "kernel: Bluetooth: iso: Fix circular lock in iso_conn_big_sync", "id": "2337356", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2337356"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-667", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nBluetooth: iso: Fix circular lock in iso_conn_big_sync\nThis fixes the circular locking dependency warning below, by reworking\niso_sock_recvmsg, to ensure that the socket lock is always released\nbefore calling a function that locks hdev.\n[ 561.670344] ======================================================\n[ 561.670346] WARNING: possible circular locking dependency detected\n[ 561.670349] 6.12.0-rc6+ #26 Not tainted\n[ 561.670351] ------------------------------------------------------\n[ 561.670353] iso-tester/3289 is trying to acquire lock:\n[ 561.670355] ffff88811f600078 (&hdev->lock){+.+.}-{3:3},\nat: iso_conn_big_sync+0x73/0x260 [bluetooth]\n[ 561.670405]\nbut task is already holding lock:\n[ 561.670407] ffff88815af58258 (sk_lock-AF_BLUETOOTH){+.+.}-{0:0},\nat: iso_sock_recvmsg+0xbf/0x500 [bluetooth]\n[ 561.670450]\nwhich lock already depends on the new lock.\n[ 561.670452]\nthe existing dependency chain (in reverse order) is:\n[ 561.670453]\n-> #2 (sk_lock-AF_BLUETOOTH){+.+.}-{0:0}:\n[ 561.670458] lock_acquire+0x7c/0xc0\n[ 561.670463] lock_sock_nested+0x3b/0xf0\n[ 561.670467] bt_accept_dequeue+0x1a5/0x4d0 [bluetooth]\n[ 561.670510] iso_sock_accept+0x271/0x830 [bluetooth]\n[ 561.670547] do_accept+0x3dd/0x610\n[ 561.670550] __sys_accept4+0xd8/0x170\n[ 561.670553] __x64_sys_accept+0x74/0xc0\n[ 561.670556] x64_sys_call+0x17d6/0x25f0\n[ 561.670559] do_syscall_64+0x87/0x150\n[ 561.670563] entry_SYSCALL_64_after_hwframe+0x76/0x7e\n[ 561.670567]\n-> #1 (sk_lock-AF_BLUETOOTH-BTPROTO_ISO){+.+.}-{0:0}:\n[ 561.670571] lock_acquire+0x7c/0xc0\n[ 561.670574] lock_sock_nested+0x3b/0xf0\n[ 561.670577] iso_sock_listen+0x2de/0xf30 [bluetooth]\n[ 561.670617] __sys_listen_socket+0xef/0x130\n[ 561.670620] __x64_sys_listen+0xe1/0x190\n[ 561.670623] x64_sys_call+0x2517/0x25f0\n[ 561.670626] do_syscall_64+0x87/0x150\n[ 561.670629] entry_SYSCALL_64_after_hwframe+0x76/0x7e\n[ 561.670632]\n-> #0 (&hdev->lock){+.+.}-{3:3}:\n[ 561.670636] __lock_acquire+0x32ad/0x6ab0\n[ 561.670639] lock_acquire.part.0+0x118/0x360\n[ 561.670642] lock_acquire+0x7c/0xc0\n[ 561.670644] __mutex_lock+0x18d/0x12f0\n[ 561.670647] mutex_lock_nested+0x1b/0x30\n[ 561.670651] iso_conn_big_sync+0x73/0x260 [bluetooth]\n[ 561.670687] iso_sock_recvmsg+0x3e9/0x500 [bluetooth]\n[ 561.670722] sock_recvmsg+0x1d5/0x240\n[ 561.670725] sock_read_iter+0x27d/0x470\n[ 561.670727] vfs_read+0x9a0/0xd30\n[ 561.670731] ksys_read+0x1a8/0x250\n[ 561.670733] __x64_sys_read+0x72/0xc0\n[ 561.670736] x64_sys_call+0x1b12/0x25f0\n[ 561.670738] do_syscall_64+0x87/0x150\n[ 561.670741] entry_SYSCALL_64_after_hwframe+0x76/0x7e\n[ 561.670744]\nother info that might help us debug this:\n[ 561.670745] Chain exists of:\n&hdev->lock --> sk_lock-AF_BLUETOOTH-BTPROTO_ISO --> sk_lock-AF_BLUETOOTH\n[ 561.670751] Possible unsafe locking scenario:\n[ 561.670753] CPU0 CPU1\n[ 561.670754] ---- ----\n[ 561.670756] lock(sk_lock-AF_BLUETOOTH);\n[ 561.670758] lock(sk_lock\nAF_BLUETOOTH-BTPROTO_ISO);\n[ 561.670761] lock(sk_lock-AF_BLUETOOTH);\n[ 561.670764] lock(&hdev->lock);\n[ 561.670767]\n*** DEADLOCK ***"], "name": "CVE-2024-54191", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-01-11T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-54191\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-54191\nhttps://lore.kernel.org/linux-cve-announce/2025011158-CVE-2024-54191-eeef@gregkh/T"], "threat_severity": "Moderate"}

{}