CVE-2024-26886
Description
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: af_bluetooth: Fix deadlock Attemting to do sock_lock on .recvmsg may cause a deadlock as shown bellow, so instead of using sock_sock this uses sk_receive_queue.lock on bt_sock_ioctl to avoid the UAF: INFO: task kworker/u9:1:121 blocked for more than 30 seconds. Not tainted 6.7.6-lemon #183 Workqueue: hci0 hci_rx_work Call Trace: <TASK> __schedule+0x37d/0xa00 schedule+0x32/0xe0 __lock_sock+0x68/0xa0 ? __pfx_autoremove_wake_function+0x10/0x10 lock_sock_nested+0x43/0x50 l2cap_sock_recv_cb+0x21/0xa0 l2cap_recv_frame+0x55b/0x30a0 ? psi_task_switch+0xeb/0x270 ? finish_task_switch.isra.0+0x93/0x2a0 hci_rx_work+0x33a/0x3f0 process_one_work+0x13a/0x2f0 worker_thread+0x2f0/0x410 ? __pfx_worker_thread+0x10/0x10 kthread+0xe0/0x110 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x2c/0x50 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1b/0x30 </TASK>
Predictions
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ if you've already worked around this in production โ publish your fix to the community-verified tier.
โ Propose a mitigation on Community โ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here withsource_tier=community-verified.
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| rhel | 9 | fixed | |
| sles | affected | | |
| rocky | 9 | fixed | |
| debian | bookworm | fixed | 6.1.85-1 |
| debian | bullseye | affected | |
| debian | forky | fixed | 6.7.12-1 |
| debian | sid | fixed | 6.7.12-1 |
| debian | trixie | fixed | 6.7.12-1 |
| almalinux | 9 | fixed | kernel-headers-5.14.0-427.35.1.el9_4.aarch64.rpm |
References
- https://access.redhat.com/errata/RHSA-2024:6567
- https://www.suse.com/security/cve/CVE-2024-26886.html
- https://errata.rockylinux.org/RXSA-2024:6567
- https://errata.rockylinux.org/RLSA-2024:6567
- https://security-tracker.debian.org/tracker/CVE-2024-26886
- https://bugzilla.redhat.com/2265797
- https://bugzilla.redhat.com/2269434
- https://bugzilla.redhat.com/2269436
- https://bugzilla.redhat.com/2273141
- https://bugzilla.redhat.com/2275678
- https://bugzilla.redhat.com/2278206
- https://bugzilla.redhat.com/2281052
- https://bugzilla.redhat.com/2281151
- https://bugzilla.redhat.com/2281727
- https://bugzilla.redhat.com/2281968
- https://bugzilla.redhat.com/2282709
- https://bugzilla.redhat.com/2284271
- https://bugzilla.redhat.com/2284402
- https://bugzilla.redhat.com/2293273
- https://bugzilla.redhat.com/2293276
- https://bugzilla.redhat.com/2293440
- https://bugzilla.redhat.com/2297511
- https://bugzilla.redhat.com/2297520
- https://bugzilla.redhat.com/2300409
- https://bugzilla.redhat.com/2300414
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.