cvelistv5 - cve-2021-47038

cve-2021-47038

Vulnerability from cvelistv5

Published

2024-02-28 08:13

Modified

2024-11-04 11:58

Severity ?

Summary

Bluetooth: avoid deadlock between hci_dev->lock and socket lock

References

▼	URL	Tags
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/17486960d79b900c45e0bb8fbcac0262848582ba
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/332e69eb3bd90370f2d9f2c2ca7974ff523dea17
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/7cc0ba67883c6c8d3bddb283f56c167fc837a555
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/fee71f480bc1dec5f6ae3b0b185ff12a62bceabc

Impacted products

▼	Vendor	Product
	Linux	Linux
	Linux	Linux

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T05:24:39.488Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/7cc0ba67883c6c8d3bddb283f56c167fc837a555"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/fee71f480bc1dec5f6ae3b0b185ff12a62bceabc"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/332e69eb3bd90370f2d9f2c2ca7974ff523dea17"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/17486960d79b900c45e0bb8fbcac0262848582ba"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-47038",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T15:57:52.490548Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:33:20.423Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/bluetooth/hci_conn.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "7cc0ba67883c",
              "status": "affected",
              "version": "eab2404ba798",
              "versionType": "git"
            },
            {
              "lessThan": "fee71f480bc1",
              "status": "affected",
              "version": "eab2404ba798",
              "versionType": "git"
            },
            {
              "lessThan": "332e69eb3bd9",
              "status": "affected",
              "version": "eab2404ba798",
              "versionType": "git"
            },
            {
              "lessThan": "17486960d79b",
              "status": "affected",
              "version": "eab2404ba798",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/bluetooth/hci_conn.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.7"
            },
            {
              "lessThan": "5.7",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.37",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.11.*",
              "status": "unaffected",
              "version": "5.11.21",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.12.*",
              "status": "unaffected",
              "version": "5.12.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "5.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: avoid deadlock between hci_dev-\u003elock and socket lock\n\nCommit eab2404ba798 (\"Bluetooth: Add BT_PHY socket option\") added a\ndependency between socket lock and hci_dev-\u003elock that could lead to\ndeadlock.\n\nIt turns out that hci_conn_get_phy() is not in any way relying on hdev\nbeing immutable during the runtime of this function, neither does it even\nlook at any of the members of hdev, and as such there is no need to hold\nthat lock.\n\nThis fixes the lockdep splat below:\n\n ======================================================\n WARNING: possible circular locking dependency detected\n 5.12.0-rc1-00026-g73d464503354 #10 Not tainted\n ------------------------------------------------------\n bluetoothd/1118 is trying to acquire lock:\n ffff8f078383c078 (\u0026hdev-\u003elock){+.+.}-{3:3}, at: hci_conn_get_phy+0x1c/0x150 [bluetooth]\n\n but task is already holding lock:\n ffff8f07e831d920 (sk_lock-AF_BLUETOOTH-BTPROTO_L2CAP){+.+.}-{0:0}, at: l2cap_sock_getsockopt+0x8b/0x610\n\n which lock already depends on the new lock.\n\n the existing dependency chain (in reverse order) is:\n\n -\u003e #3 (sk_lock-AF_BLUETOOTH-BTPROTO_L2CAP){+.+.}-{0:0}:\n        lock_sock_nested+0x72/0xa0\n        l2cap_sock_ready_cb+0x18/0x70 [bluetooth]\n        l2cap_config_rsp+0x27a/0x520 [bluetooth]\n        l2cap_sig_channel+0x658/0x1330 [bluetooth]\n        l2cap_recv_frame+0x1ba/0x310 [bluetooth]\n        hci_rx_work+0x1cc/0x640 [bluetooth]\n        process_one_work+0x244/0x5f0\n        worker_thread+0x3c/0x380\n        kthread+0x13e/0x160\n        ret_from_fork+0x22/0x30\n\n -\u003e #2 (\u0026chan-\u003elock#2/1){+.+.}-{3:3}:\n        __mutex_lock+0xa3/0xa10\n        l2cap_chan_connect+0x33a/0x940 [bluetooth]\n        l2cap_sock_connect+0x141/0x2a0 [bluetooth]\n        __sys_connect+0x9b/0xc0\n        __x64_sys_connect+0x16/0x20\n        do_syscall_64+0x33/0x80\n        entry_SYSCALL_64_after_hwframe+0x44/0xae\n\n -\u003e #1 (\u0026conn-\u003echan_lock){+.+.}-{3:3}:\n        __mutex_lock+0xa3/0xa10\n        l2cap_chan_connect+0x322/0x940 [bluetooth]\n        l2cap_sock_connect+0x141/0x2a0 [bluetooth]\n        __sys_connect+0x9b/0xc0\n        __x64_sys_connect+0x16/0x20\n        do_syscall_64+0x33/0x80\n        entry_SYSCALL_64_after_hwframe+0x44/0xae\n\n -\u003e #0 (\u0026hdev-\u003elock){+.+.}-{3:3}:\n        __lock_acquire+0x147a/0x1a50\n        lock_acquire+0x277/0x3d0\n        __mutex_lock+0xa3/0xa10\n        hci_conn_get_phy+0x1c/0x150 [bluetooth]\n        l2cap_sock_getsockopt+0x5a9/0x610 [bluetooth]\n        __sys_getsockopt+0xcc/0x200\n        __x64_sys_getsockopt+0x20/0x30\n        do_syscall_64+0x33/0x80\n        entry_SYSCALL_64_after_hwframe+0x44/0xae\n\n other info that might help us debug this:\n\n Chain exists of:\n   \u0026hdev-\u003elock --\u003e \u0026chan-\u003elock#2/1 --\u003e sk_lock-AF_BLUETOOTH-BTPROTO_L2CAP\n\n  Possible unsafe locking scenario:\n\n        CPU0                    CPU1\n        ----                    ----\n   lock(sk_lock-AF_BLUETOOTH-BTPROTO_L2CAP);\n                                lock(\u0026chan-\u003elock#2/1);\n                                lock(sk_lock-AF_BLUETOOTH-BTPROTO_L2CAP);\n   lock(\u0026hdev-\u003elock);\n\n  *** DEADLOCK ***\n\n 1 lock held by bluetoothd/1118:\n  #0: ffff8f07e831d920 (sk_lock-AF_BLUETOOTH-BTPROTO_L2CAP){+.+.}-{0:0}, at: l2cap_sock_getsockopt+0x8b/0x610 [bluetooth]\n\n stack backtrace:\n CPU: 3 PID: 1118 Comm: bluetoothd Not tainted 5.12.0-rc1-00026-g73d464503354 #10\n Hardware name: LENOVO 20K5S22R00/20K5S22R00, BIOS R0IET38W (1.16 ) 05/31/2017\n Call Trace:\n  dump_stack+0x7f/0xa1\n  check_noncircular+0x105/0x120\n  ? __lock_acquire+0x147a/0x1a50\n  __lock_acquire+0x147a/0x1a50\n  lock_acquire+0x277/0x3d0\n  ? hci_conn_get_phy+0x1c/0x150 [bluetooth]\n  ? __lock_acquire+0x2e1/0x1a50\n  ? lock_is_held_type+0xb4/0x120\n  ? hci_conn_get_phy+0x1c/0x150 [bluetooth]\n  __mutex_lock+0xa3/0xa10\n  ? hci_conn_get_phy+0x1c/0x150 [bluetooth]\n  ? lock_acquire+0x277/0x3d0\n  ? mark_held_locks+0x49/0x70\n  ? mark_held_locks+0x49/0x70\n  ? hci_conn_get_phy+0x1c/0x150 [bluetooth]\n  hci_conn_get_phy+0x\n---truncated---"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-04T11:58:13.032Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/7cc0ba67883c6c8d3bddb283f56c167fc837a555"
        },
        {
          "url": "https://git.kernel.org/stable/c/fee71f480bc1dec5f6ae3b0b185ff12a62bceabc"
        },
        {
          "url": "https://git.kernel.org/stable/c/332e69eb3bd90370f2d9f2c2ca7974ff523dea17"
        },
        {
          "url": "https://git.kernel.org/stable/c/17486960d79b900c45e0bb8fbcac0262848582ba"
        }
      ],
      "title": "Bluetooth: avoid deadlock between hci_dev-\u003elock and socket lock",
      "x_generator": {
        "engine": "bippy-9e1c9544281a"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2021-47038",
    "datePublished": "2024-02-28T08:13:45.310Z",
    "dateReserved": "2024-02-27T18:42:55.965Z",
    "dateUpdated": "2024-11-04T11:58:13.032Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2021-47038\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-02-28T09:15:39.893\",\"lastModified\":\"2024-02-28T14:06:45.783\",\"vulnStatus\":\"Awaiting Analysis\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nBluetooth: avoid deadlock between hci_dev-\u003elock and socket lock\\n\\nCommit eab2404ba798 (\\\"Bluetooth: Add BT_PHY socket option\\\") added a\\ndependency between socket lock and hci_dev-\u003elock that could lead to\\ndeadlock.\\n\\nIt turns out that hci_conn_get_phy() is not in any way relying on hdev\\nbeing immutable during the runtime of this function, neither does it even\\nlook at any of the members of hdev, and as such there is no need to hold\\nthat lock.\\n\\nThis fixes the lockdep splat below:\\n\\n ======================================================\\n WARNING: possible circular locking dependency detected\\n 5.12.0-rc1-00026-g73d464503354 #10 Not tainted\\n ------------------------------------------------------\\n bluetoothd/1118 is trying to acquire lock:\\n ffff8f078383c078 (\u0026hdev-\u003elock){+.+.}-{3:3}, at: hci_conn_get_phy+0x1c/0x150 [bluetooth]\\n\\n but task is already holding lock:\\n ffff8f07e831d920 (sk_lock-AF_BLUETOOTH-BTPROTO_L2CAP){+.+.}-{0:0}, at: l2cap_sock_getsockopt+0x8b/0x610\\n\\n which lock already depends on the new lock.\\n\\n the existing dependency chain (in reverse order) is:\\n\\n -\u003e #3 (sk_lock-AF_BLUETOOTH-BTPROTO_L2CAP){+.+.}-{0:0}:\\n        lock_sock_nested+0x72/0xa0\\n        l2cap_sock_ready_cb+0x18/0x70 [bluetooth]\\n        l2cap_config_rsp+0x27a/0x520 [bluetooth]\\n        l2cap_sig_channel+0x658/0x1330 [bluetooth]\\n        l2cap_recv_frame+0x1ba/0x310 [bluetooth]\\n        hci_rx_work+0x1cc/0x640 [bluetooth]\\n        process_one_work+0x244/0x5f0\\n        worker_thread+0x3c/0x380\\n        kthread+0x13e/0x160\\n        ret_from_fork+0x22/0x30\\n\\n -\u003e #2 (\u0026chan-\u003elock#2/1){+.+.}-{3:3}:\\n        __mutex_lock+0xa3/0xa10\\n        l2cap_chan_connect+0x33a/0x940 [bluetooth]\\n        l2cap_sock_connect+0x141/0x2a0 [bluetooth]\\n        __sys_connect+0x9b/0xc0\\n        __x64_sys_connect+0x16/0x20\\n        do_syscall_64+0x33/0x80\\n        entry_SYSCALL_64_after_hwframe+0x44/0xae\\n\\n -\u003e #1 (\u0026conn-\u003echan_lock){+.+.}-{3:3}:\\n        __mutex_lock+0xa3/0xa10\\n        l2cap_chan_connect+0x322/0x940 [bluetooth]\\n        l2cap_sock_connect+0x141/0x2a0 [bluetooth]\\n        __sys_connect+0x9b/0xc0\\n        __x64_sys_connect+0x16/0x20\\n        do_syscall_64+0x33/0x80\\n        entry_SYSCALL_64_after_hwframe+0x44/0xae\\n\\n -\u003e #0 (\u0026hdev-\u003elock){+.+.}-{3:3}:\\n        __lock_acquire+0x147a/0x1a50\\n        lock_acquire+0x277/0x3d0\\n        __mutex_lock+0xa3/0xa10\\n        hci_conn_get_phy+0x1c/0x150 [bluetooth]\\n        l2cap_sock_getsockopt+0x5a9/0x610 [bluetooth]\\n        __sys_getsockopt+0xcc/0x200\\n        __x64_sys_getsockopt+0x20/0x30\\n        do_syscall_64+0x33/0x80\\n        entry_SYSCALL_64_after_hwframe+0x44/0xae\\n\\n other info that might help us debug this:\\n\\n Chain exists of:\\n   \u0026hdev-\u003elock --\u003e \u0026chan-\u003elock#2/1 --\u003e sk_lock-AF_BLUETOOTH-BTPROTO_L2CAP\\n\\n  Possible unsafe locking scenario:\\n\\n        CPU0                    CPU1\\n        ----                    ----\\n   lock(sk_lock-AF_BLUETOOTH-BTPROTO_L2CAP);\\n                                lock(\u0026chan-\u003elock#2/1);\\n                                lock(sk_lock-AF_BLUETOOTH-BTPROTO_L2CAP);\\n   lock(\u0026hdev-\u003elock);\\n\\n  *** DEADLOCK ***\\n\\n 1 lock held by bluetoothd/1118:\\n  #0: ffff8f07e831d920 (sk_lock-AF_BLUETOOTH-BTPROTO_L2CAP){+.+.}-{0:0}, at: l2cap_sock_getsockopt+0x8b/0x610 [bluetooth]\\n\\n stack backtrace:\\n CPU: 3 PID: 1118 Comm: bluetoothd Not tainted 5.12.0-rc1-00026-g73d464503354 #10\\n Hardware name: LENOVO 20K5S22R00/20K5S22R00, BIOS R0IET38W (1.16 ) 05/31/2017\\n Call Trace:\\n  dump_stack+0x7f/0xa1\\n  check_noncircular+0x105/0x120\\n  ? __lock_acquire+0x147a/0x1a50\\n  __lock_acquire+0x147a/0x1a50\\n  lock_acquire+0x277/0x3d0\\n  ? hci_conn_get_phy+0x1c/0x150 [bluetooth]\\n  ? __lock_acquire+0x2e1/0x1a50\\n  ? lock_is_held_type+0xb4/0x120\\n  ? hci_conn_get_phy+0x1c/0x150 [bluetooth]\\n  __mutex_lock+0xa3/0xa10\\n  ? hci_conn_get_phy+0x1c/0x150 [bluetooth]\\n  ? lock_acquire+0x277/0x3d0\\n  ? mark_held_locks+0x49/0x70\\n  ? mark_held_locks+0x49/0x70\\n  ? hci_conn_get_phy+0x1c/0x150 [bluetooth]\\n  hci_conn_get_phy+0x\\n---truncated---\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: Bluetooth: evitar interbloqueo entre hci_dev-\u0026gt;lock y socket lock. el commit eab2404ba798 (\\\"Bluetooth: Add BT_PHY socket option\\\") agreg\u00f3 una dependencia entre socket lock y hci_dev-\u0026gt;lock que podr\u00eda provocar a un punto muerto. Resulta que hci_conn_get_phy() no depende de ninguna manera de que hdev sea inmutable durante el tiempo de ejecuci\u00f3n de esta funci\u00f3n, ni siquiera mira a ninguno de los miembros de hdev y, como tal, no es necesario mantener ese bloqueo. Esto soluciona el problema de bloqueo a continuaci\u00f3n: ============================================ =========== ADVERTENCIA: posible dependencia de bloqueo circular detectada 5.12.0-rc1-00026-g73d464503354 #10 No contaminado ------------------- ----------------------------------- bluetoothd/1118 est\u00e1 intentando adquirir el bloqueo: ffff8f078383c078 (\u0026amp;hdev-\u0026gt;lock ){+.+.}-{3:3}, en: hci_conn_get_phy+0x1c/0x150 [bluetooth] pero la tarea ya est\u00e1 bloqueada: ffff8f07e831d920 (sk_lock-AF_BLUETOOTH-BTPROTO_L2CAP){+.+.}-{0:0 }, en: l2cap_sock_getsockopt+0x8b/0x610 cuyo bloqueo ya depende del nuevo bloqueo. la cadena de dependencia existente (en orden inverso) es: -\u0026gt; #3 (sk_lock-AF_BLUETOOTH-BTPROTO_L2CAP){+.+.}-{0:0}: lock_sock_nested+0x72/0xa0 l2cap_sock_ready_cb+0x18/0x70 [bluetooth] l2cap_config_rsp+ 0x27a/0x520 [bluetooth] l2cap_sig_channel+0x658/0x1330 [bluetooth] l2cap_recv_frame+0x1ba/0x310 [bluetooth] hci_rx_work+0x1cc/0x640 [bluetooth] Process_one_work+0x244/0x5f0 trabajador_thread+0x3c/0x380 kthread+0 x13e/0x160 ret_from_fork+0x22/0x30 -\u0026gt; #2 (\u0026amp;chan-\u0026gt;lock#2/1){+.+.}-{3:3}: __mutex_lock+0xa3/0xa10 l2cap_chan_connect+0x33a/0x940 [bluetooth] l2cap_sock_connect+0x141/0x2a0 [bluetooth] __sys_connect+ 0x9b/0xc0 __x64_sys_connect+0x16/0x20 do_syscall_64+0x33/0x80 Entry_SYSCALL_64_after_hwframe+0x44/0xae -\u0026gt; #1 (\u0026amp;conn-\u0026gt;chan_lock){+.+.}-{3:3}: __mutex_lock+0xa3/0xa10 l2cap_chan_connect+0 x322/ 0x940 [bluetooth] l2cap_sock_connect+0x141/0x2a0 [bluetooth] __sys_connect+0x9b/0xc0 __x64_sys_connect+0x16/0x20 do_syscall_64+0x33/0x80 Entry_SYSCALL_64_after_hwframe+0x44/0xae -\u0026gt; #0 (\u0026amp;hdev- \u0026gt;bloquear){+.+.}-{ 3:3}: __lock_acquire+0x147a/0x1a50 lock_acquire+0x277/0x3d0 __mutex_lock+0xa3/0xa10 hci_conn_get_phy+0x1c/0x150 [bluetooth] l2cap_sock_getsockopt+0x5a9/0x610 [bluetooth] __sys_getsockopt+0xcc /0x200 __x64_sys_getsockopt+0x20/0x30 do_syscall_64+0x33/ 0x80 Entry_SYSCALL_64_after_hwframe+0x44/0xae otra informaci\u00f3n que podr\u00eda ayudarnos a depurar esto: Existe cadena de: \u0026amp;hdev-\u0026gt;lock --\u0026gt; \u0026amp;chan-\u0026gt;lock#2/1 --\u0026gt; sk_lock-AF_BLUETOOTH-BTPROTO_L2CAP Posible escenario de bloqueo inseguro: CPU0 CPU1 - --- ---- bloqueo(sk_lock-AF_BLUETOOTH-BTPROTO_L2CAP); bloquear(\u0026amp;chan-\u0026gt;bloquear#2/1); bloquear(sk_lock-AF_BLUETOOTH-BTPROTO_L2CAP); bloquear(\u0026amp;hdev-\u0026gt;bloquear); *** DEADLOCK *** 1 bloqueo retenido por bluetoothd/1118: #0: ffff8f07e831d920 (sk_lock-AF_BLUETOOTH-BTPROTO_L2CAP){+.+.}-{0:0}, en: l2cap_sock_getsockopt+0x8b/0x610 pila [bluetooth] backtrace: CPU: 3 PID: 1118 Comm: bluetoothd No contaminado 5.12.0-rc1-00026-g73d464503354 #10 Nombre de hardware: LENOVO 20K5S22R00/20K5S22R00, BIOS R0IET38W (1.16) 31/05/2017 Seguimiento de llamadas: dump_stack+0x7 f/0xa1 check_noncircular+0x105/0x120? __lock_acquire+0x147a/0x1a50 __lock_acquire+0x147a/0x1a50 lock_acquire+0x277/0x3d0 ? hci_conn_get_phy+0x1c/0x150 [bluetooth] ? __lock_acquire+0x2e1/0x1a50? lock_is_held_type+0xb4/0x120? hci_conn_get_phy+0x1c/0x150 [bluetooth] __mutex_lock+0xa3/0xa10 ? hci_conn_get_phy+0x1c/0x150 [bluetooth] ? lock_acquire+0x277/0x3d0? mark_held_locks+0x49/0x70? mark_held_locks+0x49/0x70? hci_conn_get_phy+0x1c/0x150 [bluetooth] hci_conn_get_phy+0x ---truncado---\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/17486960d79b900c45e0bb8fbcac0262848582ba\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/332e69eb3bd90370f2d9f2c2ca7974ff523dea17\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/7cc0ba67883c6c8d3bddb283f56c167fc837a555\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/fee71f480bc1dec5f6ae3b0b185ff12a62bceabc\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
  }
}

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: avoid deadlock between hci_dev->lock and socket lock Commit eab2404ba798 ("Bluetooth: Add BT_PHY socket option") added a dependency between socket lock and hci_dev->lock that could lead to deadlock. It turns out that hci_conn_get_phy() is not in any way relying on hdev being immutable during the runtime of this function, neither does it even look at any of the members of hdev, and as such there is no need to hold that lock. This fixes the lockdep splat below: ====================================================== WARNING: possible circular locking dependency detected 5.12.0-rc1-00026-g73d464503354 #10 Not tainted ------------------------------------------------------ bluetoothd/1118 is trying to acquire lock: ffff8f078383c078 (&hdev->lock){+.+.}-{3:3}, at: hci_conn_get_phy+0x1c/0x150 [bluetooth] but task is already holding lock: ffff8f07e831d920 (sk_lock-AF_BLUETOOTH-BTPROTO_L2CAP){+.+.}-{0:0}, at: l2cap_sock_getsockopt+0x8b/0x610 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #3 (sk_lock-AF_BLUETOOTH-BTPROTO_L2CAP){+.+.}-{0:0}: lock_sock_nested+0x72/0xa0 l2cap_sock_ready_cb+0x18/0x70 [bluetooth] l2cap_config_rsp+0x27a/0x520 [bluetooth] l2cap_sig_channel+0x658/0x1330 [bluetooth] l2cap_recv_frame+0x1ba/0x310 [bluetooth] hci_rx_work+0x1cc/0x640 [bluetooth] process_one_work+0x244/0x5f0 worker_thread+0x3c/0x380 kthread+0x13e/0x160 ret_from_fork+0x22/0x30 -> #2 (&chan->lock#2/1){+.+.}-{3:3}: __mutex_lock+0xa3/0xa10 l2cap_chan_connect+0x33a/0x940 [bluetooth] l2cap_sock_connect+0x141/0x2a0 [bluetooth] __sys_connect+0x9b/0xc0 __x64_sys_connect+0x16/0x20 do_syscall_64+0x33/0x80 entry_SYSCALL_64_after_hwframe+0x44/0xae -> #1 (&conn->chan_lock){+.+.}-{3:3}: __mutex_lock+0xa3/0xa10 l2cap_chan_connect+0x322/0x940 [bluetooth] l2cap_sock_connect+0x141/0x2a0 [bluetooth] __sys_connect+0x9b/0xc0 __x64_sys_connect+0x16/0x20 do_syscall_64+0x33/0x80 entry_SYSCALL_64_after_hwframe+0x44/0xae -> #0 (&hdev->lock){+.+.}-{3:3}: __lock_acquire+0x147a/0x1a50 lock_acquire+0x277/0x3d0 __mutex_lock+0xa3/0xa10 hci_conn_get_phy+0x1c/0x150 [bluetooth] l2cap_sock_getsockopt+0x5a9/0x610 [bluetooth] __sys_getsockopt+0xcc/0x200 __x64_sys_getsockopt+0x20/0x30 do_syscall_64+0x33/0x80 entry_SYSCALL_64_after_hwframe+0x44/0xae other info that might help us debug this: Chain exists of: &hdev->lock --> &chan->lock#2/1 --> sk_lock-AF_BLUETOOTH-BTPROTO_L2CAP Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock(sk_lock-AF_BLUETOOTH-BTPROTO_L2CAP); lock(&chan->lock#2/1); lock(sk_lock-AF_BLUETOOTH-BTPROTO_L2CAP); lock(&hdev->lock); *** DEADLOCK *** 1 lock held by bluetoothd/1118: #0: ffff8f07e831d920 (sk_lock-AF_BLUETOOTH-BTPROTO_L2CAP){+.+.}-{0:0}, at: l2cap_sock_getsockopt+0x8b/0x610 [bluetooth] stack backtrace: CPU: 3 PID: 1118 Comm: bluetoothd Not tainted 5.12.0-rc1-00026-g73d464503354 #10 Hardware name: LENOVO 20K5S22R00/20K5S22R00, BIOS R0IET38W (1.16 ) 05/31/2017 Call Trace: dump_stack+0x7f/0xa1 check_noncircular+0x105/0x120 ? __lock_acquire+0x147a/0x1a50 __lock_acquire+0x147a/0x1a50 lock_acquire+0x277/0x3d0 ? hci_conn_get_phy+0x1c/0x150 [bluetooth] ? __lock_acquire+0x2e1/0x1a50 ? lock_is_held_type+0xb4/0x120 ? hci_conn_get_phy+0x1c/0x150 [bluetooth] __mutex_lock+0xa3/0xa10 ? hci_conn_get_phy+0x1c/0x150 [bluetooth] ? lock_acquire+0x277/0x3d0 ? mark_held_locks+0x49/0x70 ? mark_held_locks+0x49/0x70 ? hci_conn_get_phy+0x1c/0x150 [bluetooth] hci_conn_get_phy+0x ---truncated---

Aliases

CVE-2021-47038

JSON

To clipboard

{
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2021-47038"
      ],
      "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: avoid deadlock between hci_dev-\u003elock and socket lock\n\nCommit eab2404ba798 (\"Bluetooth: Add BT_PHY socket option\") added a\ndependency between socket lock and hci_dev-\u003elock that could lead to\ndeadlock.\n\nIt turns out that hci_conn_get_phy() is not in any way relying on hdev\nbeing immutable during the runtime of this function, neither does it even\nlook at any of the members of hdev, and as such there is no need to hold\nthat lock.\n\nThis fixes the lockdep splat below:\n\n ======================================================\n WARNING: possible circular locking dependency detected\n 5.12.0-rc1-00026-g73d464503354 #10 Not tainted\n ------------------------------------------------------\n bluetoothd/1118 is trying to acquire lock:\n ffff8f078383c078 (\u0026hdev-\u003elock){+.+.}-{3:3}, at: hci_conn_get_phy+0x1c/0x150 [bluetooth]\n\n but task is already holding lock:\n ffff8f07e831d920 (sk_lock-AF_BLUETOOTH-BTPROTO_L2CAP){+.+.}-{0:0}, at: l2cap_sock_getsockopt+0x8b/0x610\n\n which lock already depends on the new lock.\n\n the existing dependency chain (in reverse order) is:\n\n -\u003e #3 (sk_lock-AF_BLUETOOTH-BTPROTO_L2CAP){+.+.}-{0:0}:\n        lock_sock_nested+0x72/0xa0\n        l2cap_sock_ready_cb+0x18/0x70 [bluetooth]\n        l2cap_config_rsp+0x27a/0x520 [bluetooth]\n        l2cap_sig_channel+0x658/0x1330 [bluetooth]\n        l2cap_recv_frame+0x1ba/0x310 [bluetooth]\n        hci_rx_work+0x1cc/0x640 [bluetooth]\n        process_one_work+0x244/0x5f0\n        worker_thread+0x3c/0x380\n        kthread+0x13e/0x160\n        ret_from_fork+0x22/0x30\n\n -\u003e #2 (\u0026chan-\u003elock#2/1){+.+.}-{3:3}:\n        __mutex_lock+0xa3/0xa10\n        l2cap_chan_connect+0x33a/0x940 [bluetooth]\n        l2cap_sock_connect+0x141/0x2a0 [bluetooth]\n        __sys_connect+0x9b/0xc0\n        __x64_sys_connect+0x16/0x20\n        do_syscall_64+0x33/0x80\n        entry_SYSCALL_64_after_hwframe+0x44/0xae\n\n -\u003e #1 (\u0026conn-\u003echan_lock){+.+.}-{3:3}:\n        __mutex_lock+0xa3/0xa10\n        l2cap_chan_connect+0x322/0x940 [bluetooth]\n        l2cap_sock_connect+0x141/0x2a0 [bluetooth]\n        __sys_connect+0x9b/0xc0\n        __x64_sys_connect+0x16/0x20\n        do_syscall_64+0x33/0x80\n        entry_SYSCALL_64_after_hwframe+0x44/0xae\n\n -\u003e #0 (\u0026hdev-\u003elock){+.+.}-{3:3}:\n        __lock_acquire+0x147a/0x1a50\n        lock_acquire+0x277/0x3d0\n        __mutex_lock+0xa3/0xa10\n        hci_conn_get_phy+0x1c/0x150 [bluetooth]\n        l2cap_sock_getsockopt+0x5a9/0x610 [bluetooth]\n        __sys_getsockopt+0xcc/0x200\n        __x64_sys_getsockopt+0x20/0x30\n        do_syscall_64+0x33/0x80\n        entry_SYSCALL_64_after_hwframe+0x44/0xae\n\n other info that might help us debug this:\n\n Chain exists of:\n   \u0026hdev-\u003elock --\u003e \u0026chan-\u003elock#2/1 --\u003e sk_lock-AF_BLUETOOTH-BTPROTO_L2CAP\n\n  Possible unsafe locking scenario:\n\n        CPU0                    CPU1\n        ----                    ----\n   lock(sk_lock-AF_BLUETOOTH-BTPROTO_L2CAP);\n                                lock(\u0026chan-\u003elock#2/1);\n                                lock(sk_lock-AF_BLUETOOTH-BTPROTO_L2CAP);\n   lock(\u0026hdev-\u003elock);\n\n  *** DEADLOCK ***\n\n 1 lock held by bluetoothd/1118:\n  #0: ffff8f07e831d920 (sk_lock-AF_BLUETOOTH-BTPROTO_L2CAP){+.+.}-{0:0}, at: l2cap_sock_getsockopt+0x8b/0x610 [bluetooth]\n\n stack backtrace:\n CPU: 3 PID: 1118 Comm: bluetoothd Not tainted 5.12.0-rc1-00026-g73d464503354 #10\n Hardware name: LENOVO 20K5S22R00/20K5S22R00, BIOS R0IET38W (1.16 ) 05/31/2017\n Call Trace:\n  dump_stack+0x7f/0xa1\n  check_noncircular+0x105/0x120\n  ? __lock_acquire+0x147a/0x1a50\n  __lock_acquire+0x147a/0x1a50\n  lock_acquire+0x277/0x3d0\n  ? hci_conn_get_phy+0x1c/0x150 [bluetooth]\n  ? __lock_acquire+0x2e1/0x1a50\n  ? lock_is_held_type+0xb4/0x120\n  ? hci_conn_get_phy+0x1c/0x150 [bluetooth]\n  __mutex_lock+0xa3/0xa10\n  ? hci_conn_get_phy+0x1c/0x150 [bluetooth]\n  ? lock_acquire+0x277/0x3d0\n  ? mark_held_locks+0x49/0x70\n  ? mark_held_locks+0x49/0x70\n  ? hci_conn_get_phy+0x1c/0x150 [bluetooth]\n  hci_conn_get_phy+0x\n---truncated---",
      "id": "GSD-2021-47038",
      "modified": "2024-02-28T06:03:55.891323Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@kernel.org",
        "ID": "CVE-2021-47038",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Linux",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "eab2404ba798",
                          "version_value": "7cc0ba67883c"
                        },
                        {
                          "version_value": "not down converted",
                          "x_cve_json_5_version_data": {
                            "defaultStatus": "affected",
                            "versions": [
                              {
                                "status": "affected",
                                "version": "5.7"
                              },
                              {
                                "lessThan": "5.7",
                                "status": "unaffected",
                                "version": "0",
                                "versionType": "custom"
                              },
                              {
                                "lessThanOrEqual": "5.10.*",
                                "status": "unaffected",
                                "version": "5.10.37",
                                "versionType": "custom"
                              },
                              {
                                "lessThanOrEqual": "5.11.*",
                                "status": "unaffected",
                                "version": "5.11.21",
                                "versionType": "custom"
                              },
                              {
                                "lessThanOrEqual": "5.12.*",
                                "status": "unaffected",
                                "version": "5.12.4",
                                "versionType": "custom"
                              },
                              {
                                "lessThanOrEqual": "*",
                                "status": "unaffected",
                                "version": "5.13",
                                "versionType": "original_commit_for_fix"
                              }
                            ]
                          }
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Linux"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: avoid deadlock between hci_dev-\u003elock and socket lock\n\nCommit eab2404ba798 (\"Bluetooth: Add BT_PHY socket option\") added a\ndependency between socket lock and hci_dev-\u003elock that could lead to\ndeadlock.\n\nIt turns out that hci_conn_get_phy() is not in any way relying on hdev\nbeing immutable during the runtime of this function, neither does it even\nlook at any of the members of hdev, and as such there is no need to hold\nthat lock.\n\nThis fixes the lockdep splat below:\n\n ======================================================\n WARNING: possible circular locking dependency detected\n 5.12.0-rc1-00026-g73d464503354 #10 Not tainted\n ------------------------------------------------------\n bluetoothd/1118 is trying to acquire lock:\n ffff8f078383c078 (\u0026hdev-\u003elock){+.+.}-{3:3}, at: hci_conn_get_phy+0x1c/0x150 [bluetooth]\n\n but task is already holding lock:\n ffff8f07e831d920 (sk_lock-AF_BLUETOOTH-BTPROTO_L2CAP){+.+.}-{0:0}, at: l2cap_sock_getsockopt+0x8b/0x610\n\n which lock already depends on the new lock.\n\n the existing dependency chain (in reverse order) is:\n\n -\u003e #3 (sk_lock-AF_BLUETOOTH-BTPROTO_L2CAP){+.+.}-{0:0}:\n        lock_sock_nested+0x72/0xa0\n        l2cap_sock_ready_cb+0x18/0x70 [bluetooth]\n        l2cap_config_rsp+0x27a/0x520 [bluetooth]\n        l2cap_sig_channel+0x658/0x1330 [bluetooth]\n        l2cap_recv_frame+0x1ba/0x310 [bluetooth]\n        hci_rx_work+0x1cc/0x640 [bluetooth]\n        process_one_work+0x244/0x5f0\n        worker_thread+0x3c/0x380\n        kthread+0x13e/0x160\n        ret_from_fork+0x22/0x30\n\n -\u003e #2 (\u0026chan-\u003elock#2/1){+.+.}-{3:3}:\n        __mutex_lock+0xa3/0xa10\n        l2cap_chan_connect+0x33a/0x940 [bluetooth]\n        l2cap_sock_connect+0x141/0x2a0 [bluetooth]\n        __sys_connect+0x9b/0xc0\n        __x64_sys_connect+0x16/0x20\n        do_syscall_64+0x33/0x80\n        entry_SYSCALL_64_after_hwframe+0x44/0xae\n\n -\u003e #1 (\u0026conn-\u003echan_lock){+.+.}-{3:3}:\n        __mutex_lock+0xa3/0xa10\n        l2cap_chan_connect+0x322/0x940 [bluetooth]\n        l2cap_sock_connect+0x141/0x2a0 [bluetooth]\n        __sys_connect+0x9b/0xc0\n        __x64_sys_connect+0x16/0x20\n        do_syscall_64+0x33/0x80\n        entry_SYSCALL_64_after_hwframe+0x44/0xae\n\n -\u003e #0 (\u0026hdev-\u003elock){+.+.}-{3:3}:\n        __lock_acquire+0x147a/0x1a50\n        lock_acquire+0x277/0x3d0\n        __mutex_lock+0xa3/0xa10\n        hci_conn_get_phy+0x1c/0x150 [bluetooth]\n        l2cap_sock_getsockopt+0x5a9/0x610 [bluetooth]\n        __sys_getsockopt+0xcc/0x200\n        __x64_sys_getsockopt+0x20/0x30\n        do_syscall_64+0x33/0x80\n        entry_SYSCALL_64_after_hwframe+0x44/0xae\n\n other info that might help us debug this:\n\n Chain exists of:\n   \u0026hdev-\u003elock --\u003e \u0026chan-\u003elock#2/1 --\u003e sk_lock-AF_BLUETOOTH-BTPROTO_L2CAP\n\n  Possible unsafe locking scenario:\n\n        CPU0                    CPU1\n        ----                    ----\n   lock(sk_lock-AF_BLUETOOTH-BTPROTO_L2CAP);\n                                lock(\u0026chan-\u003elock#2/1);\n                                lock(sk_lock-AF_BLUETOOTH-BTPROTO_L2CAP);\n   lock(\u0026hdev-\u003elock);\n\n  *** DEADLOCK ***\n\n 1 lock held by bluetoothd/1118:\n  #0: ffff8f07e831d920 (sk_lock-AF_BLUETOOTH-BTPROTO_L2CAP){+.+.}-{0:0}, at: l2cap_sock_getsockopt+0x8b/0x610 [bluetooth]\n\n stack backtrace:\n CPU: 3 PID: 1118 Comm: bluetoothd Not tainted 5.12.0-rc1-00026-g73d464503354 #10\n Hardware name: LENOVO 20K5S22R00/20K5S22R00, BIOS R0IET38W (1.16 ) 05/31/2017\n Call Trace:\n  dump_stack+0x7f/0xa1\n  check_noncircular+0x105/0x120\n  ? __lock_acquire+0x147a/0x1a50\n  __lock_acquire+0x147a/0x1a50\n  lock_acquire+0x277/0x3d0\n  ? hci_conn_get_phy+0x1c/0x150 [bluetooth]\n  ? __lock_acquire+0x2e1/0x1a50\n  ? lock_is_held_type+0xb4/0x120\n  ? hci_conn_get_phy+0x1c/0x150 [bluetooth]\n  __mutex_lock+0xa3/0xa10\n  ? hci_conn_get_phy+0x1c/0x150 [bluetooth]\n  ? lock_acquire+0x277/0x3d0\n  ? mark_held_locks+0x49/0x70\n  ? mark_held_locks+0x49/0x70\n  ? hci_conn_get_phy+0x1c/0x150 [bluetooth]\n  hci_conn_get_phy+0x\n---truncated---"
          }
        ]
      },
      "generator": {
        "engine": "bippy-c298863b1525"
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://git.kernel.org/stable/c/7cc0ba67883c6c8d3bddb283f56c167fc837a555",
            "refsource": "MISC",
            "url": "https://git.kernel.org/stable/c/7cc0ba67883c6c8d3bddb283f56c167fc837a555"
          },
          {
            "name": "https://git.kernel.org/stable/c/fee71f480bc1dec5f6ae3b0b185ff12a62bceabc",
            "refsource": "MISC",
            "url": "https://git.kernel.org/stable/c/fee71f480bc1dec5f6ae3b0b185ff12a62bceabc"
          },
          {
            "name": "https://git.kernel.org/stable/c/332e69eb3bd90370f2d9f2c2ca7974ff523dea17",
            "refsource": "MISC",
            "url": "https://git.kernel.org/stable/c/332e69eb3bd90370f2d9f2c2ca7974ff523dea17"
          },
          {
            "name": "https://git.kernel.org/stable/c/17486960d79b900c45e0bb8fbcac0262848582ba",
            "refsource": "MISC",
            "url": "https://git.kernel.org/stable/c/17486960d79b900c45e0bb8fbcac0262848582ba"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "descriptions": [
          {
            "lang": "en",
            "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: avoid deadlock between hci_dev-\u003elock and socket lock\n\nCommit eab2404ba798 (\"Bluetooth: Add BT_PHY socket option\") added a\ndependency between socket lock and hci_dev-\u003elock that could lead to\ndeadlock.\n\nIt turns out that hci_conn_get_phy() is not in any way relying on hdev\nbeing immutable during the runtime of this function, neither does it even\nlook at any of the members of hdev, and as such there is no need to hold\nthat lock.\n\nThis fixes the lockdep splat below:\n\n ======================================================\n WARNING: possible circular locking dependency detected\n 5.12.0-rc1-00026-g73d464503354 #10 Not tainted\n ------------------------------------------------------\n bluetoothd/1118 is trying to acquire lock:\n ffff8f078383c078 (\u0026hdev-\u003elock){+.+.}-{3:3}, at: hci_conn_get_phy+0x1c/0x150 [bluetooth]\n\n but task is already holding lock:\n ffff8f07e831d920 (sk_lock-AF_BLUETOOTH-BTPROTO_L2CAP){+.+.}-{0:0}, at: l2cap_sock_getsockopt+0x8b/0x610\n\n which lock already depends on the new lock.\n\n the existing dependency chain (in reverse order) is:\n\n -\u003e #3 (sk_lock-AF_BLUETOOTH-BTPROTO_L2CAP){+.+.}-{0:0}:\n        lock_sock_nested+0x72/0xa0\n        l2cap_sock_ready_cb+0x18/0x70 [bluetooth]\n        l2cap_config_rsp+0x27a/0x520 [bluetooth]\n        l2cap_sig_channel+0x658/0x1330 [bluetooth]\n        l2cap_recv_frame+0x1ba/0x310 [bluetooth]\n        hci_rx_work+0x1cc/0x640 [bluetooth]\n        process_one_work+0x244/0x5f0\n        worker_thread+0x3c/0x380\n        kthread+0x13e/0x160\n        ret_from_fork+0x22/0x30\n\n -\u003e #2 (\u0026chan-\u003elock#2/1){+.+.}-{3:3}:\n        __mutex_lock+0xa3/0xa10\n        l2cap_chan_connect+0x33a/0x940 [bluetooth]\n        l2cap_sock_connect+0x141/0x2a0 [bluetooth]\n        __sys_connect+0x9b/0xc0\n        __x64_sys_connect+0x16/0x20\n        do_syscall_64+0x33/0x80\n        entry_SYSCALL_64_after_hwframe+0x44/0xae\n\n -\u003e #1 (\u0026conn-\u003echan_lock){+.+.}-{3:3}:\n        __mutex_lock+0xa3/0xa10\n        l2cap_chan_connect+0x322/0x940 [bluetooth]\n        l2cap_sock_connect+0x141/0x2a0 [bluetooth]\n        __sys_connect+0x9b/0xc0\n        __x64_sys_connect+0x16/0x20\n        do_syscall_64+0x33/0x80\n        entry_SYSCALL_64_after_hwframe+0x44/0xae\n\n -\u003e #0 (\u0026hdev-\u003elock){+.+.}-{3:3}:\n        __lock_acquire+0x147a/0x1a50\n        lock_acquire+0x277/0x3d0\n        __mutex_lock+0xa3/0xa10\n        hci_conn_get_phy+0x1c/0x150 [bluetooth]\n        l2cap_sock_getsockopt+0x5a9/0x610 [bluetooth]\n        __sys_getsockopt+0xcc/0x200\n        __x64_sys_getsockopt+0x20/0x30\n        do_syscall_64+0x33/0x80\n        entry_SYSCALL_64_after_hwframe+0x44/0xae\n\n other info that might help us debug this:\n\n Chain exists of:\n   \u0026hdev-\u003elock --\u003e \u0026chan-\u003elock#2/1 --\u003e sk_lock-AF_BLUETOOTH-BTPROTO_L2CAP\n\n  Possible unsafe locking scenario:\n\n        CPU0                    CPU1\n        ----                    ----\n   lock(sk_lock-AF_BLUETOOTH-BTPROTO_L2CAP);\n                                lock(\u0026chan-\u003elock#2/1);\n                                lock(sk_lock-AF_BLUETOOTH-BTPROTO_L2CAP);\n   lock(\u0026hdev-\u003elock);\n\n  *** DEADLOCK ***\n\n 1 lock held by bluetoothd/1118:\n  #0: ffff8f07e831d920 (sk_lock-AF_BLUETOOTH-BTPROTO_L2CAP){+.+.}-{0:0}, at: l2cap_sock_getsockopt+0x8b/0x610 [bluetooth]\n\n stack backtrace:\n CPU: 3 PID: 1118 Comm: bluetoothd Not tainted 5.12.0-rc1-00026-g73d464503354 #10\n Hardware name: LENOVO 20K5S22R00/20K5S22R00, BIOS R0IET38W (1.16 ) 05/31/2017\n Call Trace:\n  dump_stack+0x7f/0xa1\n  check_noncircular+0x105/0x120\n  ? __lock_acquire+0x147a/0x1a50\n  __lock_acquire+0x147a/0x1a50\n  lock_acquire+0x277/0x3d0\n  ? hci_conn_get_phy+0x1c/0x150 [bluetooth]\n  ? __lock_acquire+0x2e1/0x1a50\n  ? lock_is_held_type+0xb4/0x120\n  ? hci_conn_get_phy+0x1c/0x150 [bluetooth]\n  __mutex_lock+0xa3/0xa10\n  ? hci_conn_get_phy+0x1c/0x150 [bluetooth]\n  ? lock_acquire+0x277/0x3d0\n  ? mark_held_locks+0x49/0x70\n  ? mark_held_locks+0x49/0x70\n  ? hci_conn_get_phy+0x1c/0x150 [bluetooth]\n  hci_conn_get_phy+0x\n---truncated---"
          }
        ],
        "id": "CVE-2021-47038",
        "lastModified": "2024-02-28T14:06:45.783",
        "metrics": {},
        "published": "2024-02-28T09:15:39.893",
        "references": [
          {
            "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
            "url": "https://git.kernel.org/stable/c/17486960d79b900c45e0bb8fbcac0262848582ba"
          },
          {
            "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
            "url": "https://git.kernel.org/stable/c/332e69eb3bd90370f2d9f2c2ca7974ff523dea17"
          },
          {
            "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
            "url": "https://git.kernel.org/stable/c/7cc0ba67883c6c8d3bddb283f56c167fc837a555"
          },
          {
            "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
            "url": "https://git.kernel.org/stable/c/fee71f480bc1dec5f6ae3b0b185ff12a62bceabc"
          }
        ],
        "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "vulnStatus": "Awaiting Analysis"
      }
    }
  }
}

wid-sec-w-2024-0499

Vulnerability from csaf_certbund

Published

2024-02-27 23:00

Modified

2024-06-11 22:00

Summary

Linux Kernel: Mehrere Schwachstellen ermöglichen nicht spezifizierten Angriff

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Der Kernel stellt den Kern des Linux Betriebssystems dar.

Angriff

Ein lokaler Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um einen nicht näher spezifizierten Angriff durchzuführen.

Betroffene Betriebssysteme

- Linux

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Der Kernel stellt den Kern des Linux Betriebssystems dar.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein lokaler Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um einen nicht n\u00e4her spezifizierten Angriff durchzuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-0499 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0499.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-0499 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0499"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022841-CVE-2021-47053-c68d@gregkh/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022841-CVE-2021-47052-3cca@gregkh/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022840-CVE-2021-47051-cf30@gregkh/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022840-CVE-2021-47050-5ba5@gregkh/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022840-CVE-2021-47049-5cc6@gregkh/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022837-CVE-2021-47039-638f@gregkh/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022838-CVE-2021-47040-8722@gregkh/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022838-CVE-2021-47041-de92@gregkh/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022838-CVE-2021-47042-142d@gregkh/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022838-CVE-2021-47043-cb3c@gregkh/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022839-CVE-2021-47044-2e16@gregkh/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022839-CVE-2021-47045-7363@gregkh/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022839-CVE-2021-47046-3ffe@gregkh/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022839-CVE-2021-47047-4c75@gregkh/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022840-CVE-2021-47048-8586@gregkh/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022830-CVE-2021-47009-3f56@gregkh/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022831-CVE-2021-47012-73c5@gregkh/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022831-CVE-2021-47013-034a@gregkh/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022831-CVE-2021-47014-ffc7@gregkh/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022832-CVE-2021-47015-c2ae@gregkh/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022832-CVE-2021-47017-c3e8@gregkh/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022832-CVE-2021-47018-f631@gregkh/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022832-CVE-2021-47019-9b9a@gregkh/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022837-CVE-2021-47037-d130@gregkh/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022837-CVE-2021-47038-bfcf@gregkh/"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:0857-1 vom 2024-03-13",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-March/018154.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:0856-1 vom 2024-03-13",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-March/018155.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:0926-1 vom 2024-03-22",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-March/018204.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:0976-1 vom 2024-03-22",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-March/018185.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:0975-1 vom 2024-03-22",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-March/018186.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:0925-1 vom 2024-03-22",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-March/018205.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:1454-1 vom 2024-04-26",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-April/018431.html"
      },
      {
        "category": "external",
        "summary": "Dell Security Advisory DSA-2024-198 vom 2024-05-08",
        "url": "https://www.dell.com/support/kbdoc/000224827/dsa-2024-="
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:1646-1 vom 2024-05-14",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018526.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:1645-1 vom 2024-05-14",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018527.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:1644-1 vom 2024-05-14",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018528.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:1647-1 vom 2024-05-14",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018525.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:1643-1 vom 2024-05-14",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018529.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:1641-1 vom 2024-05-14",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018531.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:1642-1 vom 2024-05-14",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018530.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:1648-1 vom 2024-05-14",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018524.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:1650-1 vom 2024-05-15",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018533.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:1659-1 vom 2024-05-15",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018538.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:1648-2 vom 2024-05-21",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018572.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:3462 vom 2024-05-29",
        "url": "https://access.redhat.com/errata/RHSA-2024:3462"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:1870-1 vom 2024-05-30",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018634.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:3618 vom 2024-06-05",
        "url": "https://access.redhat.com/errata/RHSA-2024:3618"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:3627 vom 2024-06-05",
        "url": "https://access.redhat.com/errata/RHSA-2024:3627"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2024-3618 vom 2024-06-06",
        "url": "https://linux.oracle.com/errata/ELSA-2024-3618.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:3810 vom 2024-06-11",
        "url": "https://access.redhat.com/errata/RHSA-2024:3810"
      }
    ],
    "source_lang": "en-US",
    "title": "Linux Kernel: Mehrere Schwachstellen erm\u00f6glichen nicht spezifizierten Angriff",
    "tracking": {
      "current_release_date": "2024-06-11T22:00:00.000+00:00",
      "generator": {
        "date": "2024-06-12T08:09:45.354+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.0"
        }
      },
      "id": "WID-SEC-W-2024-0499",
      "initial_release_date": "2024-02-27T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2024-02-27T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2024-03-12T23:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-03-24T23:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-04-28T22:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-05-07T22:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von Dell aufgenommen"
        },
        {
          "date": "2024-05-14T22:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-05-15T22:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-05-21T22:00:00.000+00:00",
          "number": "8",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-05-28T22:00:00.000+00:00",
          "number": "9",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2024-05-30T22:00:00.000+00:00",
          "number": "10",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-06-04T22:00:00.000+00:00",
          "number": "11",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2024-06-06T22:00:00.000+00:00",
          "number": "12",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        },
        {
          "date": "2024-06-11T22:00:00.000+00:00",
          "number": "13",
          "summary": "Neue Updates von Red Hat aufgenommen"
        }
      ],
      "status": "final",
      "version": "13"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "virtual",
                "product": {
                  "name": "Dell NetWorker virtual",
                  "product_id": "T034583",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:dell:networker:virtual"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "NetWorker"
          }
        ],
        "category": "vendor",
        "name": "Dell"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "EMC Avamar",
            "product": {
              "name": "EMC Avamar",
              "product_id": "T014381",
              "product_identification_helper": {
                "cpe": "cpe:/a:emc:avamar:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "EMC"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c5.13",
                "product": {
                  "name": "Open Source Linux Kernel \u003c5.13",
                  "product_id": "T033141",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:linux:linux_kernel:5.13"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Linux Kernel"
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Oracle Linux",
            "product": {
              "name": "Oracle Linux",
              "product_id": "T004914",
              "product_identification_helper": {
                "cpe": "cpe:/o:oracle:linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Red Hat Enterprise Linux",
            "product": {
              "name": "Red Hat Enterprise Linux",
              "product_id": "67646",
              "product_identification_helper": {
                "cpe": "cpe:/o:redhat:enterprise_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-47009",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie scsi, io_uring oder ath10k, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem use-after-free, einem out-of-bounds read, einer race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "T002207",
          "67646",
          "T034583",
          "T004914"
        ]
      },
      "release_date": "2024-02-27T23:00:00Z",
      "title": "CVE-2021-47009"
    },
    {
      "cve": "CVE-2021-47012",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie scsi, io_uring oder ath10k, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem use-after-free, einem out-of-bounds read, einer race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "T002207",
          "67646",
          "T034583",
          "T004914"
        ]
      },
      "release_date": "2024-02-27T23:00:00Z",
      "title": "CVE-2021-47012"
    },
    {
      "cve": "CVE-2021-47013",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie scsi, io_uring oder ath10k, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem use-after-free, einem out-of-bounds read, einer race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "T002207",
          "67646",
          "T034583",
          "T004914"
        ]
      },
      "release_date": "2024-02-27T23:00:00Z",
      "title": "CVE-2021-47013"
    },
    {
      "cve": "CVE-2021-47014",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie scsi, io_uring oder ath10k, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem use-after-free, einem out-of-bounds read, einer race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "T002207",
          "67646",
          "T034583",
          "T004914"
        ]
      },
      "release_date": "2024-02-27T23:00:00Z",
      "title": "CVE-2021-47014"
    },
    {
      "cve": "CVE-2021-47015",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie scsi, io_uring oder ath10k, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem use-after-free, einem out-of-bounds read, einer race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "T002207",
          "67646",
          "T034583",
          "T004914"
        ]
      },
      "release_date": "2024-02-27T23:00:00Z",
      "title": "CVE-2021-47015"
    },
    {
      "cve": "CVE-2021-47017",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie scsi, io_uring oder ath10k, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem use-after-free, einem out-of-bounds read, einer race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "T002207",
          "67646",
          "T034583",
          "T004914"
        ]
      },
      "release_date": "2024-02-27T23:00:00Z",
      "title": "CVE-2021-47017"
    },
    {
      "cve": "CVE-2021-47018",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie scsi, io_uring oder ath10k, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem use-after-free, einem out-of-bounds read, einer race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "T002207",
          "67646",
          "T034583",
          "T004914"
        ]
      },
      "release_date": "2024-02-27T23:00:00Z",
      "title": "CVE-2021-47018"
    },
    {
      "cve": "CVE-2021-47019",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie scsi, io_uring oder ath10k, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem use-after-free, einem out-of-bounds read, einer race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "T002207",
          "67646",
          "T034583",
          "T004914"
        ]
      },
      "release_date": "2024-02-27T23:00:00Z",
      "title": "CVE-2021-47019"
    },
    {
      "cve": "CVE-2021-47037",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie scsi, io_uring oder ath10k, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem use-after-free, einem out-of-bounds read, einer race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "T002207",
          "67646",
          "T034583",
          "T004914"
        ]
      },
      "release_date": "2024-02-27T23:00:00Z",
      "title": "CVE-2021-47037"
    },
    {
      "cve": "CVE-2021-47038",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie scsi, io_uring oder ath10k, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem use-after-free, einem out-of-bounds read, einer race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "T002207",
          "67646",
          "T034583",
          "T004914"
        ]
      },
      "release_date": "2024-02-27T23:00:00Z",
      "title": "CVE-2021-47038"
    },
    {
      "cve": "CVE-2021-47039",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie scsi, io_uring oder ath10k, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem use-after-free, einem out-of-bounds read, einer race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "T002207",
          "67646",
          "T034583",
          "T004914"
        ]
      },
      "release_date": "2024-02-27T23:00:00Z",
      "title": "CVE-2021-47039"
    },
    {
      "cve": "CVE-2021-47040",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie scsi, io_uring oder ath10k, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem use-after-free, einem out-of-bounds read, einer race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "T002207",
          "67646",
          "T034583",
          "T004914"
        ]
      },
      "release_date": "2024-02-27T23:00:00Z",
      "title": "CVE-2021-47040"
    },
    {
      "cve": "CVE-2021-47041",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie scsi, io_uring oder ath10k, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem use-after-free, einem out-of-bounds read, einer race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "T002207",
          "67646",
          "T034583",
          "T004914"
        ]
      },
      "release_date": "2024-02-27T23:00:00Z",
      "title": "CVE-2021-47041"
    },
    {
      "cve": "CVE-2021-47042",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie scsi, io_uring oder ath10k, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem use-after-free, einem out-of-bounds read, einer race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "T002207",
          "67646",
          "T034583",
          "T004914"
        ]
      },
      "release_date": "2024-02-27T23:00:00Z",
      "title": "CVE-2021-47042"
    },
    {
      "cve": "CVE-2021-47043",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie scsi, io_uring oder ath10k, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem use-after-free, einem out-of-bounds read, einer race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "T002207",
          "67646",
          "T034583",
          "T004914"
        ]
      },
      "release_date": "2024-02-27T23:00:00Z",
      "title": "CVE-2021-47043"
    },
    {
      "cve": "CVE-2021-47044",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie scsi, io_uring oder ath10k, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem use-after-free, einem out-of-bounds read, einer race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "T002207",
          "67646",
          "T034583",
          "T004914"
        ]
      },
      "release_date": "2024-02-27T23:00:00Z",
      "title": "CVE-2021-47044"
    },
    {
      "cve": "CVE-2021-47045",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie scsi, io_uring oder ath10k, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem use-after-free, einem out-of-bounds read, einer race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "T002207",
          "67646",
          "T034583",
          "T004914"
        ]
      },
      "release_date": "2024-02-27T23:00:00Z",
      "title": "CVE-2021-47045"
    },
    {
      "cve": "CVE-2021-47046",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie scsi, io_uring oder ath10k, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem use-after-free, einem out-of-bounds read, einer race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "T002207",
          "67646",
          "T034583",
          "T004914"
        ]
      },
      "release_date": "2024-02-27T23:00:00Z",
      "title": "CVE-2021-47046"
    },
    {
      "cve": "CVE-2021-47047",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie scsi, io_uring oder ath10k, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem use-after-free, einem out-of-bounds read, einer race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "T002207",
          "67646",
          "T034583",
          "T004914"
        ]
      },
      "release_date": "2024-02-27T23:00:00Z",
      "title": "CVE-2021-47047"
    },
    {
      "cve": "CVE-2021-47048",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie scsi, io_uring oder ath10k, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem use-after-free, einem out-of-bounds read, einer race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "T002207",
          "67646",
          "T034583",
          "T004914"
        ]
      },
      "release_date": "2024-02-27T23:00:00Z",
      "title": "CVE-2021-47048"
    },
    {
      "cve": "CVE-2021-47049",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie scsi, io_uring oder ath10k, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem use-after-free, einem out-of-bounds read, einer race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "T002207",
          "67646",
          "T034583",
          "T004914"
        ]
      },
      "release_date": "2024-02-27T23:00:00Z",
      "title": "CVE-2021-47049"
    },
    {
      "cve": "CVE-2021-47050",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie scsi, io_uring oder ath10k, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem use-after-free, einem out-of-bounds read, einer race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "T002207",
          "67646",
          "T034583",
          "T004914"
        ]
      },
      "release_date": "2024-02-27T23:00:00Z",
      "title": "CVE-2021-47050"
    },
    {
      "cve": "CVE-2021-47051",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie scsi, io_uring oder ath10k, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem use-after-free, einem out-of-bounds read, einer race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "T002207",
          "67646",
          "T034583",
          "T004914"
        ]
      },
      "release_date": "2024-02-27T23:00:00Z",
      "title": "CVE-2021-47051"
    },
    {
      "cve": "CVE-2021-47052",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie scsi, io_uring oder ath10k, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem use-after-free, einem out-of-bounds read, einer race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "T002207",
          "67646",
          "T034583",
          "T004914"
        ]
      },
      "release_date": "2024-02-27T23:00:00Z",
      "title": "CVE-2021-47052"
    },
    {
      "cve": "CVE-2021-47053",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie scsi, io_uring oder ath10k, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem use-after-free, einem out-of-bounds read, einer race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "T002207",
          "67646",
          "T034583",
          "T004914"
        ]
      },
      "release_date": "2024-02-27T23:00:00Z",
      "title": "CVE-2021-47053"
    }
  ]
}

ghsa-3jvq-9rg9-g8rp

Vulnerability from github

Published

2024-02-28 09:30

Modified

2024-02-28 09:30

Details

In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: avoid deadlock between hci_dev->lock and socket lock

Commit eab2404ba798 ("Bluetooth: Add BT_PHY socket option") added a dependency between socket lock and hci_dev->lock that could lead to deadlock.

It turns out that hci_conn_get_phy() is not in any way relying on hdev being immutable during the runtime of this function, neither does it even look at any of the members of hdev, and as such there is no need to hold that lock.

This fixes the lockdep splat below:

====================================================== WARNING: possible circular locking dependency detected 5.12.0-rc1-00026-g73d464503354 #10 Not tainted

bluetoothd/1118 is trying to acquire lock: ffff8f078383c078 (&hdev->lock){+.+.}-{3:3}, at: hci_conn_get_phy+0x1c/0x150 [bluetooth]

but task is already holding lock: ffff8f07e831d920 (sk_lock-AF_BLUETOOTH-BTPROTO_L2CAP){+.+.}-{0:0}, at: l2cap_sock_getsockopt+0x8b/0x610

which lock already depends on the new lock.

the existing dependency chain (in reverse order) is:

-> #3 (sk_lock-AF_BLUETOOTH-BTPROTO_L2CAP){+.+.}-{0:0}: lock_sock_nested+0x72/0xa0 l2cap_sock_ready_cb+0x18/0x70 [bluetooth] l2cap_config_rsp+0x27a/0x520 [bluetooth] l2cap_sig_channel+0x658/0x1330 [bluetooth] l2cap_recv_frame+0x1ba/0x310 [bluetooth] hci_rx_work+0x1cc/0x640 [bluetooth] process_one_work+0x244/0x5f0 worker_thread+0x3c/0x380 kthread+0x13e/0x160 ret_from_fork+0x22/0x30

-> #2 (&chan->lock#2/1){+.+.}-{3:3}: __mutex_lock+0xa3/0xa10 l2cap_chan_connect+0x33a/0x940 [bluetooth] l2cap_sock_connect+0x141/0x2a0 [bluetooth] __sys_connect+0x9b/0xc0 __x64_sys_connect+0x16/0x20 do_syscall_64+0x33/0x80 entry_SYSCALL_64_after_hwframe+0x44/0xae

-> #1 (&conn->chan_lock){+.+.}-{3:3}: __mutex_lock+0xa3/0xa10 l2cap_chan_connect+0x322/0x940 [bluetooth] l2cap_sock_connect+0x141/0x2a0 [bluetooth] __sys_connect+0x9b/0xc0 __x64_sys_connect+0x16/0x20 do_syscall_64+0x33/0x80 entry_SYSCALL_64_after_hwframe+0x44/0xae

-> #0 (&hdev->lock){+.+.}-{3:3}: __lock_acquire+0x147a/0x1a50 lock_acquire+0x277/0x3d0 __mutex_lock+0xa3/0xa10 hci_conn_get_phy+0x1c/0x150 [bluetooth] l2cap_sock_getsockopt+0x5a9/0x610 [bluetooth] __sys_getsockopt+0xcc/0x200 __x64_sys_getsockopt+0x20/0x30 do_syscall_64+0x33/0x80 entry_SYSCALL_64_after_hwframe+0x44/0xae

other info that might help us debug this:

Chain exists of: &hdev->lock --> &chan->lock#2/1 --> sk_lock-AF_BLUETOOTH-BTPROTO_L2CAP

Possible unsafe locking scenario:

    CPU0                    CPU1
    ----                    ----

lock(sk_lock-AF_BLUETOOTH-BTPROTO_L2CAP); lock(&chan->lock#2/1); lock(sk_lock-AF_BLUETOOTH-BTPROTO_L2CAP); lock(&hdev->lock);

*** DEADLOCK ***

1 lock held by bluetoothd/1118: #0: ffff8f07e831d920 (sk_lock-AF_BLUETOOTH-BTPROTO_L2CAP){+.+.}-{0:0}, at: l2cap_sock_getsockopt+0x8b/0x610 [bluetooth]

stack backtrace: CPU: 3 PID: 1118 Comm: bluetoothd Not tainted 5.12.0-rc1-00026-g73d464503354 #10 Hardware name: LENOVO 20K5S22R00/20K5S22R00, BIOS R0IET38W (1.16 ) 05/31/2017 Call Trace: dump_stack+0x7f/0xa1 check_noncircular+0x105/0x120 ? __lock_acquire+0x147a/0x1a50 __lock_acquire+0x147a/0x1a50 lock_acquire+0x277/0x3d0 ? hci_conn_get_phy+0x1c/0x150 [bluetooth] ? __lock_acquire+0x2e1/0x1a50 ? lock_is_held_type+0xb4/0x120 ? hci_conn_get_phy+0x1c/0x150 [bluetooth] __mutex_lock+0xa3/0xa10 ? hci_conn_get_phy+0x1c/0x150 [bluetooth] ? lock_acquire+0x277/0x3d0 ? mark_held_locks+0x49/0x70 ? mark_held_locks+0x49/0x70 ? hci_conn_get_phy+0x1c/0x150 [bluetooth] hci_conn_get_phy+0x ---truncated---

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2021-47038"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-02-28T09:15:39Z",
    "severity": null
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: avoid deadlock between hci_dev-\u003elock and socket lock\n\nCommit eab2404ba798 (\"Bluetooth: Add BT_PHY socket option\") added a\ndependency between socket lock and hci_dev-\u003elock that could lead to\ndeadlock.\n\nIt turns out that hci_conn_get_phy() is not in any way relying on hdev\nbeing immutable during the runtime of this function, neither does it even\nlook at any of the members of hdev, and as such there is no need to hold\nthat lock.\n\nThis fixes the lockdep splat below:\n\n ======================================================\n WARNING: possible circular locking dependency detected\n 5.12.0-rc1-00026-g73d464503354 #10 Not tainted\n ------------------------------------------------------\n bluetoothd/1118 is trying to acquire lock:\n ffff8f078383c078 (\u0026hdev-\u003elock){+.+.}-{3:3}, at: hci_conn_get_phy+0x1c/0x150 [bluetooth]\n\n but task is already holding lock:\n ffff8f07e831d920 (sk_lock-AF_BLUETOOTH-BTPROTO_L2CAP){+.+.}-{0:0}, at: l2cap_sock_getsockopt+0x8b/0x610\n\n which lock already depends on the new lock.\n\n the existing dependency chain (in reverse order) is:\n\n -\u003e #3 (sk_lock-AF_BLUETOOTH-BTPROTO_L2CAP){+.+.}-{0:0}:\n        lock_sock_nested+0x72/0xa0\n        l2cap_sock_ready_cb+0x18/0x70 [bluetooth]\n        l2cap_config_rsp+0x27a/0x520 [bluetooth]\n        l2cap_sig_channel+0x658/0x1330 [bluetooth]\n        l2cap_recv_frame+0x1ba/0x310 [bluetooth]\n        hci_rx_work+0x1cc/0x640 [bluetooth]\n        process_one_work+0x244/0x5f0\n        worker_thread+0x3c/0x380\n        kthread+0x13e/0x160\n        ret_from_fork+0x22/0x30\n\n -\u003e #2 (\u0026chan-\u003elock#2/1){+.+.}-{3:3}:\n        __mutex_lock+0xa3/0xa10\n        l2cap_chan_connect+0x33a/0x940 [bluetooth]\n        l2cap_sock_connect+0x141/0x2a0 [bluetooth]\n        __sys_connect+0x9b/0xc0\n        __x64_sys_connect+0x16/0x20\n        do_syscall_64+0x33/0x80\n        entry_SYSCALL_64_after_hwframe+0x44/0xae\n\n -\u003e #1 (\u0026conn-\u003echan_lock){+.+.}-{3:3}:\n        __mutex_lock+0xa3/0xa10\n        l2cap_chan_connect+0x322/0x940 [bluetooth]\n        l2cap_sock_connect+0x141/0x2a0 [bluetooth]\n        __sys_connect+0x9b/0xc0\n        __x64_sys_connect+0x16/0x20\n        do_syscall_64+0x33/0x80\n        entry_SYSCALL_64_after_hwframe+0x44/0xae\n\n -\u003e #0 (\u0026hdev-\u003elock){+.+.}-{3:3}:\n        __lock_acquire+0x147a/0x1a50\n        lock_acquire+0x277/0x3d0\n        __mutex_lock+0xa3/0xa10\n        hci_conn_get_phy+0x1c/0x150 [bluetooth]\n        l2cap_sock_getsockopt+0x5a9/0x610 [bluetooth]\n        __sys_getsockopt+0xcc/0x200\n        __x64_sys_getsockopt+0x20/0x30\n        do_syscall_64+0x33/0x80\n        entry_SYSCALL_64_after_hwframe+0x44/0xae\n\n other info that might help us debug this:\n\n Chain exists of:\n   \u0026hdev-\u003elock --\u003e \u0026chan-\u003elock#2/1 --\u003e sk_lock-AF_BLUETOOTH-BTPROTO_L2CAP\n\n  Possible unsafe locking scenario:\n\n        CPU0                    CPU1\n        ----                    ----\n   lock(sk_lock-AF_BLUETOOTH-BTPROTO_L2CAP);\n                                lock(\u0026chan-\u003elock#2/1);\n                                lock(sk_lock-AF_BLUETOOTH-BTPROTO_L2CAP);\n   lock(\u0026hdev-\u003elock);\n\n  *** DEADLOCK ***\n\n 1 lock held by bluetoothd/1118:\n  #0: ffff8f07e831d920 (sk_lock-AF_BLUETOOTH-BTPROTO_L2CAP){+.+.}-{0:0}, at: l2cap_sock_getsockopt+0x8b/0x610 [bluetooth]\n\n stack backtrace:\n CPU: 3 PID: 1118 Comm: bluetoothd Not tainted 5.12.0-rc1-00026-g73d464503354 #10\n Hardware name: LENOVO 20K5S22R00/20K5S22R00, BIOS R0IET38W (1.16 ) 05/31/2017\n Call Trace:\n  dump_stack+0x7f/0xa1\n  check_noncircular+0x105/0x120\n  ? __lock_acquire+0x147a/0x1a50\n  __lock_acquire+0x147a/0x1a50\n  lock_acquire+0x277/0x3d0\n  ? hci_conn_get_phy+0x1c/0x150 [bluetooth]\n  ? __lock_acquire+0x2e1/0x1a50\n  ? lock_is_held_type+0xb4/0x120\n  ? hci_conn_get_phy+0x1c/0x150 [bluetooth]\n  __mutex_lock+0xa3/0xa10\n  ? hci_conn_get_phy+0x1c/0x150 [bluetooth]\n  ? lock_acquire+0x277/0x3d0\n  ? mark_held_locks+0x49/0x70\n  ? mark_held_locks+0x49/0x70\n  ? hci_conn_get_phy+0x1c/0x150 [bluetooth]\n  hci_conn_get_phy+0x\n---truncated---",
  "id": "GHSA-3jvq-9rg9-g8rp",
  "modified": "2024-02-28T09:30:38Z",
  "published": "2024-02-28T09:30:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47038"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/17486960d79b900c45e0bb8fbcac0262848582ba"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/332e69eb3bd90370f2d9f2c2ca7974ff523dea17"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7cc0ba67883c6c8d3bddb283f56c167fc837a555"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/fee71f480bc1dec5f6ae3b0b185ff12a62bceabc"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

cve-2021-47038

Vulnerability from cvelistv5

gsd-2021-47038

Vulnerability from gsd

wid-sec-w-2024-0499

Vulnerability from csaf_certbund

ghsa-3jvq-9rg9-g8rp

Vulnerability from github

Tags

Sightings

Nomenclature