CVE-2025-21827 in Linuxinformación

Resumen

por MITRE • 2025-03-06

En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: Bluetooth: btusb: mediatek: Add locks for usb_driver_claim_interface() The documentation for usb_driver_claim_interface() says that "the device lock" is needed when the function is called from places other than probe(). This appears to be the lock for the USB interface device. The Mediatek btusb code gets called via this path: Workqueue: hci0 hci_power_on [bluetooth] Call trace: usb_driver_claim_interface btusb_mtk_claim_iso_intf btusb_mtk_setup hci_dev_open_sync hci_power_on process_scheduled_works worker_thread kthread With the above call trace the device lock hasn't been claimed. Claim it. Without this fix, we'd sometimes see the error "Failed to claim iso interface". Sometimes we'd even see worse errors, like a NULL pointer dereference (where `intf->dev.driver` was NULL) with a trace like: Call trace: usb_suspend_both usb_runtime_suspend __rpm_callback rpm_suspend pm_runtime_work process_scheduled_works Ambos errores parecen solucionarse con el bloqueo adecuado.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Responsable

Linux

Reservar

2024-12-29

Divulgación

2025-03-06

Moderación

aceptado

Artículo

VDB-298849

CPE

listo

EPSS

0.00131

KEV

no

Actividades

muy bajo

Fuentes

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!