CVE-2024-41063
📋 TL;DR
A race condition vulnerability in the Linux kernel's Bluetooth subsystem can cause a deadlock during device cleanup, leading to denial of service. This affects systems with Bluetooth hardware and the vulnerable kernel versions. Attackers could potentially crash the kernel or cause system instability.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Kernel panic or system crash requiring physical reboot, potentially causing data loss or service disruption.
Likely Case
Bluetooth subsystem becomes unresponsive, requiring system restart to restore functionality.
If Mitigated
Minimal impact with proper patching; at worst, temporary Bluetooth service interruption.
🎯 Exploit Status
Exploitation requires triggering specific race conditions during Bluetooth device cleanup. Discovered through syzbot fuzzing.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions with commits: 0d151a103775dd9645c78c97f77d6e2a5298d913, 3f939bd73fed12dddc2a32a76116c19ca47c7678, 48542881997e17b49dc16b93fe910e0cfcf7a9f9, 96600c2e5ee8213dbab5df1617293d8e847bb4fa, 9cfc84b1d464cc024286f42a090718f9067b80ed
Vendor Advisory: https://git.kernel.org/stable/c/0d151a103775dd9645c78c97f77d6e2a5298d913
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version from your distribution's repositories. 2. Reboot system to load new kernel. 3. Verify kernel version matches patched release.
🔧 Temporary Workarounds
Disable Bluetooth
linuxCompletely disable Bluetooth functionality to prevent vulnerability trigger
sudo systemctl stop bluetooth
sudo systemctl disable bluetooth
sudo rfkill block bluetooth
🧯 If You Can't Patch
- Disable Bluetooth hardware in BIOS/UEFI if not needed
- Implement strict access controls to prevent unauthorized local users from accessing Bluetooth functionality
🔍 How to Verify
Check if Vulnerable:
Check kernel version and compare with distribution's security advisories. Vulnerable if using unpatched kernel with Bluetooth enabled.Check Version:
uname -rVerify Fix Applied:
Verify kernel version includes the fix commits and Bluetooth functionality works without deadlocks during device removal.📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages
- Bluetooth subsystem crash logs
- Workqueue deadlock warnings in dmesg
Network Indicators:
- Sudden loss of Bluetooth connectivity
- Bluetooth devices failing to pair/disconnect
SIEM Query:
source="kernel" AND ("deadlock" OR "workqueue" OR "hci_error_reset" OR "destroy_workqueue")🔗 References
- https://git.kernel.org/stable/c/0d151a103775dd9645c78c97f77d6e2a5298d913
- https://git.kernel.org/stable/c/3f939bd73fed12dddc2a32a76116c19ca47c7678
- https://git.kernel.org/stable/c/48542881997e17b49dc16b93fe910e0cfcf7a9f9
- https://git.kernel.org/stable/c/96600c2e5ee8213dbab5df1617293d8e847bb4fa
- https://git.kernel.org/stable/c/9cfc84b1d464cc024286f42a090718f9067b80ed
- https://git.kernel.org/stable/c/d2ce562a5aff1dcd0c50d9808ea825ef90da909f
- https://git.kernel.org/stable/c/d6cbce18370641a21dd889e8613d8153df15eb39
- https://git.kernel.org/stable/c/ddeda6ca5f218b668b560d90fc31ae469adbfd92
- https://git.kernel.org/stable/c/0d151a103775dd9645c78c97f77d6e2a5298d913
- https://git.kernel.org/stable/c/3f939bd73fed12dddc2a32a76116c19ca47c7678
- https://git.kernel.org/stable/c/48542881997e17b49dc16b93fe910e0cfcf7a9f9
- https://git.kernel.org/stable/c/96600c2e5ee8213dbab5df1617293d8e847bb4fa
- https://git.kernel.org/stable/c/9cfc84b1d464cc024286f42a090718f9067b80ed
- https://git.kernel.org/stable/c/d2ce562a5aff1dcd0c50d9808ea825ef90da909f
- https://git.kernel.org/stable/c/d6cbce18370641a21dd889e8613d8153df15eb39
- https://git.kernel.org/stable/c/ddeda6ca5f218b668b560d90fc31ae469adbfd92
- https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
