Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A race condition vulnerability has been identified in the Bluetooth management subsystem of the Linux kernel. This issue arises in the 'mgmt_init_hdev' function, where the 'HCI_MGMT' flag is set. The vulnerability occurs because this flag setting can race with the 'HCI_MGMT' flag testing in the 'mgmt_index_removed' function, due to insufficient serialization. The 'mgmt_init_hdev' function is called with the 'mgmt_chan_list_lock' held, allowing for a local fix by separating the flag test and set operations. However, the lack of proper serialization may lead to other race conditions, indicating the need for a global fix in the future.
Exploitation of this vulnerability depends on the timing of events, which can be manipulated, and can potentially cause unexpected behavior in the Bluetooth management functions.
Users can apply the patch available in the Linux kernel stable tree to address this vulnerability. Instructions for downloading the patched version can be found in the Linux kernel documentation.