CVE-2024-44962— Bluetooth: btnxpuart: Shutdown timer and prevent rearming when driver unloading
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2024-44962
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Bluetooth: btnxpuart: Shutdown timer and prevent rearming when driver unloading
Source: NVD (National Vulnerability Database)
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btnxpuart: Shutdown timer and prevent rearming when driver unloading When unload the btnxpuart driver, its associated timer will be deleted. If the timer happens to be modified at this moment, it leads to the kernel call this timer even after the driver unloaded, resulting in kernel panic. Use timer_shutdown_sync() instead of del_timer_sync() to prevent rearming. panic log: Internal error: Oops: 0000000086000007 [#1] PREEMPT SMP Modules linked in: algif_hash algif_skcipher af_alg moal(O) mlan(O) crct10dif_ce polyval_ce polyval_generic snd_soc_imx_card snd_soc_fsl_asoc_card snd_soc_imx_audmux mxc_jpeg_encdec v4l2_jpeg snd_soc_wm8962 snd_soc_fsl_micfil snd_soc_fsl_sai flexcan snd_soc_fsl_utils ap130x rpmsg_ctrl imx_pcm_dma can_dev rpmsg_char pwm_fan fuse [last unloaded: btnxpuart] CPU: 5 PID: 723 Comm: memtester Tainted: G O 6.6.23-lts-next-06207-g4aef2658ac28 #1 Hardware name: NXP i.MX95 19X19 board (DT) pstate: 20400009 (nzCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : 0xffff80007a2cf464 lr : call_timer_fn.isra.0+0x24/0x80 ... Call trace: 0xffff80007a2cf464 __run_timers+0x234/0x280 run_timer_softirq+0x20/0x40 __do_softirq+0x100/0x26c ____do_softirq+0x10/0x1c call_on_irq_stack+0x24/0x4c do_softirq_own_stack+0x1c/0x2c irq_exit_rcu+0xc0/0xdc el0_interrupt+0x54/0xd8 __el0_irq_handler_common+0x18/0x24 el0t_64_irq_handler+0x10/0x1c el0t_64_irq+0x190/0x194 Code: ???????? ???????? ???????? ???????? (????????) ---[ end trace 0000000000000000 ]--- Kernel panic - not syncing: Oops: Fatal exception in interrupt SMP: stopping secondary CPUs Kernel Offset: disabled CPU features: 0x0,c0000000,40028143,1000721b Memory Limit: none ---[ end Kernel panic - not syncing: Oops: Fatal exception in interrupt ]---
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Linux kernel 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在安全漏洞,该漏洞源于Bluetooth: btnxpuart组件存在驱动卸载时定时器重复触发漏洞。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2024-44962
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2024-44962
请登录查看更多情报信息。
Same Patch Batch · Linux · 2024-09-04 · 58 CVEs total
| CVE-2024-44991 | tcp: prevent concurrent execution of tcp_sk_exit_batch | |
| CVE-2024-45002 | rtla/osnoise: Prevent NULL dereference in error handling | |
| CVE-2024-45006 | xhci: Fix Panther point NULL pointer deref at full-speed re-enumeration | |
| CVE-2024-45004 | KEYS: trusted: dcp: fix leak of blob encryption key | |
| CVE-2024-45003 | vfs: Don't evict inode under the inode lru traversing context | |
| CVE-2024-45005 | KVM: s390: fix validity interception issue when gisa is switched off | |
| CVE-2024-44994 | iommu: Restore lost return in iommu_report_device_fault() | |
| CVE-2024-44993 | drm/v3d: Fix out-of-bounds read in `v3d_csd_job_run()` | |
| CVE-2024-44992 | smb/client: avoid possible NULL dereference in cifs_free_subrequest() | |
| CVE-2024-44990 | bonding: fix null pointer deref in bond_ipsec_offload_ok | |
| CVE-2024-44995 | net: hns3: fix a deadlock problem when config TC during resetting | |
| CVE-2024-44989 | bonding: fix xfrm real_dev null pointer dereference | |
| CVE-2024-44988 | net: dsa: mv88e6xxx: Fix out-of-bound access | |
| CVE-2024-44987 | ipv6: prevent UAF in ip6_send_skb() | |
| CVE-2024-44986 | ipv6: fix possible UAF in ip6_finish_output2() | |
| CVE-2024-44985 | ipv6: prevent possible UAF in ip6_xmit() | |
| CVE-2024-44983 | netfilter: flowtable: validate vlan header | |
| CVE-2024-44984 | bnxt_en: Fix double DMA unmapping for XDP_REDIRECT | |
| CVE-2024-44982 | drm/msm/dpu: cleanup FB if dpu_format_populate_layout fails | |
| CVE-2024-44981 | workqueue: Fix UBSAN 'subtraction overflow' error in shift_and_mask() |
Showing top 20 of 58 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
Same product: Linux
- CVE-2026-43500
rxrpc: Also unshare DATA/RESPONSE packets when paged frags a - CVE-2026-43475
scsi: storvsc: Fix scheduling while atomic on PREEMPT_RT - CVE-2026-43474
fs: init flags_valid before calling vfs_fileattr_get - CVE-2026-43473
scsi: mpi3mr: Add NULL checks when resetting request and rep - CVE-2026-43472
unshare: fix unshare_fs() handling
Same vendor: Linux
- CVE-2026-43500
rxrpc: Also unshare DATA/RESPONSE packets when paged frags a - CVE-2026-43475
scsi: storvsc: Fix scheduling while atomic on PREEMPT_RT - CVE-2026-43474
fs: init flags_valid before calling vfs_fileattr_get - CVE-2026-43473
scsi: mpi3mr: Add NULL checks when resetting request and rep - CVE-2026-43472
unshare: fix unshare_fs() handling
V. Comments for CVE-2024-44962
No comments yet