CVE-2024-26959 in Linuxinfo

Summary

by MITRE • 05/01/2024

In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: btnxpuart: Fix btnxpuart_close

Fix scheduling while atomic BUG in btnxpuart_close(), properly purge the transmit queue and free the receive skb.

[ 10.973809] BUG: scheduling while atomic: kworker/u9:0/80/0x00000002
... [ 10.980740] CPU: 3 PID: 80 Comm: kworker/u9:0 Not tainted 6.8.0-rc7-0.0.0-devel-00005-g61fdfceacf09 #1
[ 10.980751] Hardware name: Toradex Verdin AM62 WB on Dahlia Board (DT)
[ 10.980760] Workqueue: hci0 hci_power_off [bluetooth]
[ 10.981169] Call trace:
... [ 10.981363] uart_update_mctrl+0x58/0x78
[ 10.981373] uart_dtr_rts+0x104/0x114
[ 10.981381] tty_port_shutdown+0xd4/0xdc
[ 10.981396] tty_port_close+0x40/0xbc
[ 10.981407] uart_close+0x34/0x9c
[ 10.981414] ttyport_close+0x50/0x94
[ 10.981430] serdev_device_close+0x40/0x50
[ 10.981442] btnxpuart_close+0x24/0x98 [btnxpuart]
[ 10.981469] hci_dev_close_sync+0x2d8/0x718 [bluetooth]
[ 10.981728] hci_dev_do_close+0x2c/0x70 [bluetooth]
[ 10.981862] hci_power_off+0x20/0x64 [bluetooth]

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Analysis

by VulDB Data Team • 01/26/2026

The vulnerability identified as CVE-2024-26959 resides within the Linux kernel's bluetooth subsystem, specifically affecting the btnxpuart driver module. This issue manifests as a critical scheduling while atomic bug that occurs during the closure of bluetooth serial connections. The flaw is particularly concerning because it involves kernel-level operations that execute in atomic context, where the system must avoid any scheduling activities that could lead to system instability or crashes. The bug was triggered when the btnxpuart_close function attempted to perform operations that violated atomic execution constraints, leading to a kernel panic and system termination.

The technical root cause of this vulnerability stems from improper handling of kernel workqueues and queue management within the bluetooth serial driver. When the bluetooth device closes, the btnxpuart_close function attempts to purge transmit queues and free receive sk_buff structures, but it does so in a manner that conflicts with atomic execution requirements. The call trace reveals that the error originates from the hci_power_off workqueue handler, which is part of the bluetooth subsystem's power management routines. During the device shutdown sequence, the system attempts to update modem control lines and perform tty port shutdown operations, but these operations inadvertently schedule tasks while already in atomic context, violating fundamental kernel design principles.

This vulnerability presents significant operational impact across various embedded and mobile platforms that rely on bluetooth connectivity through the btnxpuart driver. The issue affects systems using the Linux kernel version 6.8.0-rc7 and potentially earlier versions where the problematic code path exists. The bug can be triggered through normal bluetooth device operations, particularly when devices are powered off or disconnected, making it exploitable in both legitimate and malicious scenarios. The scheduling while atomic condition creates a kernel panic that halts system operation, potentially leading to data loss, service interruption, and denial of service conditions in embedded systems where bluetooth connectivity is critical for device functionality.

The fix for CVE-2024-26959 addresses the core scheduling violation by ensuring proper queue management and atomic context handling during device closure. The solution involves modifying the btnxpuart_close function to avoid scheduling operations while in atomic context, specifically by properly purging transmit queues and freeing receive sk_buff structures without triggering additional scheduling events. This remediation aligns with CWE-362, which addresses concurrent execution issues where improper synchronization can lead to race conditions and system instability. The fix ensures that all queue operations occur in appropriate contexts that do not violate atomic execution constraints, preventing the kernel from entering an inconsistent state during device shutdown procedures.

From a cybersecurity perspective, this vulnerability represents a critical threat to embedded systems and IoT devices that utilize bluetooth connectivity for device management and communication. The issue falls under ATT&CK technique T1547.001, which covers system service modifications, as it affects the underlying kernel services that manage device connectivity. The vulnerability also relates to T1499.004, which involves network denial of service through kernel-level attacks, as exploitation could result in system crashes and complete service interruption. Organizations deploying systems using affected Linux kernel versions should prioritize patching to prevent potential exploitation that could lead to unauthorized access or service disruption in critical infrastructure environments. The fix demonstrates proper kernel development practices by ensuring atomic context compliance and appropriate resource management during device lifecycle operations.

Reservation

02/19/2024

Disclosure

05/01/2024

Moderation

accepted

CPE

ready

EPSS

0.00222

KEV

no

Activities

very low

Sources

Interested in the pricing of exploits?

See the underground prices here!