Linux Kernel Bluetooth Subsystem Device Addition Vulnerability

A vulnerability exists in the Linux kernel's Bluetooth subsystem, specifically within the handling of device additions to the system file interface. The issue arises because the 'device_add' function is called multiple times for the same device, contrary to the function's documentation. This mismanagement can lead to a kernel crash, as reported by the Syzkaller fuzzer, which encountered a kernel bug related to this issue. The vulnerability is present in the stable versions of the Linux kernel.

Impact

The vulnerability can cause a kernel crash, leading to a denial of service by causing a system instability where the kernel fails to operate correctly, potentially requiring a reboot to restore normal functionality.

Reproduction

The vulnerability can be reproduced by creating a Bluetooth connection and adding it to the system file interface without properly checking if the device is already registered. This can be done by modifying the Bluetooth event handling code to omit the registration check, allowing 'device_add' to be called multiple times for the same connection.

Remediation

Users can upgrade to the latest stable version of the Linux kernel, where this vulnerability has been addressed. Instructions for downloading the latest kernel version can be found on the official Linux kernel website.