CVE-2024-46680— Bluetooth: btnxpuart: Fix random crash seen while removing driver
Affected Version Matrix 8
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 86d55f124b52de2ba0d066d89b766bcc0387fd72< 662a55986b88807da4d112d838c8aaa05810e938 | affected |
86d55f124b52de2ba0d066d89b766bcc0387fd72< 29a1d9971e38f92c84b363ff50379dd434ddfe1c | affected | ||
86d55f124b52de2ba0d066d89b766bcc0387fd72< 35237475384ab3622f63c3c09bdf6af6dacfe9c3 | affected | ||
6.4 | affected | ||
< 6.4 | unaffected | ||
6.6.49≤ 6.6.* | unaffected | ||
6.10.8≤ 6.10.* | unaffected | ||
6.11≤ * | unaffected |
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2024-46680
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Bluetooth: btnxpuart: Fix random crash seen while removing driver
Source: NVD (National Vulnerability Database)
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btnxpuart: Fix random crash seen while removing driver This fixes the random kernel crash seen while removing the driver, when running the load/unload test over multiple iterations. 1) modprobe btnxpuart 2) hciconfig hci0 reset 3) hciconfig (check hci0 interface up with valid BD address) 4) modprobe -r btnxpuart Repeat steps 1 to 4 The ps_wakeup() call in btnxpuart_close() schedules the psdata->work(), which gets scheduled after module is removed, causing a kernel crash. This hidden issue got highlighted after enabling Power Save by default in 4183a7be7700 (Bluetooth: btnxpuart: Enable Power Save feature on startup) The new ps_cleanup() deasserts UART break immediately while closing serdev device, cancels any scheduled ps_work and destroys the ps_lock mutex. [ 85.884604] Unable to handle kernel paging request at virtual address ffffd4a61638f258 [ 85.884624] Mem abort info: [ 85.884625] ESR = 0x0000000086000007 [ 85.884628] EC = 0x21: IABT (current EL), IL = 32 bits [ 85.884633] SET = 0, FnV = 0 [ 85.884636] EA = 0, S1PTW = 0 [ 85.884638] FSC = 0x07: level 3 translation fault [ 85.884642] swapper pgtable: 4k pages, 48-bit VAs, pgdp=0000000041dd0000 [ 85.884646] [ffffd4a61638f258] pgd=1000000095fff003, p4d=1000000095fff003, pud=100000004823d003, pmd=100000004823e003, pte=0000000000000000 [ 85.884662] Internal error: Oops: 0000000086000007 [#1] PREEMPT SMP [ 85.890932] Modules linked in: algif_hash algif_skcipher af_alg overlay fsl_jr_uio caam_jr caamkeyblob_desc caamhash_desc caamalg_desc crypto_engine authenc libdes crct10dif_ce polyval_ce polyval_generic snd_soc_imx_spdif snd_soc_imx_card snd_soc_ak5558 snd_soc_ak4458 caam secvio error snd_soc_fsl_spdif snd_soc_fsl_micfil snd_soc_fsl_sai snd_soc_fsl_utils gpio_ir_recv rc_core fuse [last unloaded: btnxpuart(O)] [ 85.927297] CPU: 1 PID: 67 Comm: kworker/1:3 Tainted: G O 6.1.36+g937b1be4345a #1 [ 85.936176] Hardware name: FSL i.MX8MM EVK board (DT) [ 85.936182] Workqueue: events 0xffffd4a61638f380 [ 85.936198] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 85.952817] pc : 0xffffd4a61638f258 [ 85.952823] lr : 0xffffd4a61638f258 [ 85.952827] sp : ffff8000084fbd70 [ 85.952829] x29: ffff8000084fbd70 x28: 0000000000000000 x27: 0000000000000000 [ 85.963112] x26: ffffd4a69133f000 x25: ffff4bf1c8540990 x24: ffff4bf215b87305 [ 85.963119] x23: ffff4bf215b87300 x22: ffff4bf1c85409d0 x21: ffff4bf1c8540970 [ 85.977382] x20: 0000000000000000 x19: ffff4bf1c8540880 x18: 0000000000000000 [ 85.977391] x17: 0000000000000000 x16: 0000000000000133 x15: 0000ffffe2217090 [ 85.977399] x14: 0000000000000001 x13: 0000000000000133 x12: 0000000000000139 [ 85.977407] x11: 0000000000000001 x10: 0000000000000a60 x9 : ffff8000084fbc50 [ 85.977417] x8 : ffff4bf215b7d000 x7 : ffff4bf215b83b40 x6 : 00000000000003e8 [ 85.977424] x5 : 00000000410fd030 x4 : 0000000000000000 x3 : 0000000000000000 [ 85.977432] x2 : 0000000000000000 x1 : ffff4bf1c4265880 x0 : 0000000000000000 [ 85.977443] Call trace: [ 85.977446] 0xffffd4a61638f258 [ 85.977451] 0xffffd4a61638f3e8 [ 85.977455] process_one_work+0x1d4/0x330 [ 85.977464] worker_thread+0x6c/0x430 [ 85.977471] kthread+0x108/0x10c [ 85.977476] ret_from_fork+0x10/0x20 [ 85.977488] Code: bad PC value [ 85.977491] ---[ end trace 0000000000000000 ]--- Preset since v6.9.11
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Linux kernel 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在安全漏洞,该漏洞源于btnxpuart组件在驱动程序卸载时未能正确处理工作队列,可能导致内核崩溃。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2024-46680
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2024-46680
请登录查看更多情报信息。
Same Patch Batch · Linux · 2024-09-13 · 40 CVEs total
| CVE-2024-46704 | workqueue: Fix spruious data race in __flush_work() | |
| CVE-2024-46694 | drm/amd/display: avoid using null object of framebuffer | |
| CVE-2024-46696 | nfsd: fix potential UAF in nfsd4_cb_getattr_release | |
| CVE-2024-46695 | selinux,smack: don't bypass permissions check in inode_setsecctx hook | |
| CVE-2024-46698 | video/aperture: optionally match the device in sysfb_disable() | |
| CVE-2024-46697 | nfsd: ensure that nfsd4_fattr_args.context is zeroed out | |
| CVE-2024-46699 | drm/v3d: Disable preemption while updating GPU stats | |
| CVE-2024-46701 | libfs: fix infinite directory reads for offset dir | |
| CVE-2024-46702 | thunderbolt: Mark XDomain as unplugged when router is removed | |
| CVE-2024-46703 | Revert "serial: 8250_omap: Set the console genpd always on if no console suspend" | |
| CVE-2024-46692 | firmware: qcom: scm: Mark get_wq_ctx() as atomic call | |
| CVE-2024-46705 | drm/xe: reset mmio mappings with devm | |
| CVE-2024-46706 | tty: serial: fsl_lpuart: mark last busy before uart_add_one_port | |
| CVE-2024-46707 | KVM: arm64: Make ICC_*SGI*_EL1 undef in the absence of a vGICv3 | |
| CVE-2024-46709 | drm/vmwgfx: Fix prime with external buffers | |
| CVE-2024-46708 | pinctrl: qcom: x1e80100: Fix special pin offsets | |
| CVE-2024-46710 | drm/vmwgfx: Prevent unmapping active read buffers | |
| CVE-2024-46711 | mptcp: pm: fix ID 0 endp usage after multiple re-creations | |
| CVE-2024-46712 | drm/vmwgfx: Disable coherent dumb buffers without 3d | |
| CVE-2024-46713 | perf/aux: Fix AUX buffer serialization |
Showing top 20 of 40 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
Same product: Linux
- CVE-2026-43492
lib/crypto: mpi: Fix integer underflow in mpi_read_raw_from_ - CVE-2026-43493
crypto: pcrypt - Fix handling of MAY_BACKLOG requests - CVE-2026-43491
net: qrtr: ns: Limit the maximum server registration per nod - CVE-2026-46333
ptrace: slightly saner 'get_dumpable()' logic - CVE-2026-43490
ksmbd: validate inherited ACE SID length
Same vendor: Linux
- CVE-2026-43492
lib/crypto: mpi: Fix integer underflow in mpi_read_raw_from_ - CVE-2026-43493
crypto: pcrypt - Fix handling of MAY_BACKLOG requests - CVE-2026-43491
net: qrtr: ns: Limit the maximum server registration per nod - CVE-2026-46333
ptrace: slightly saner 'get_dumpable()' logic - CVE-2026-43490
ksmbd: validate inherited ACE SID length
V. Comments for CVE-2024-46680
No comments yet