Linux Kernel Bluetooth Workqueue Vulnerability During Timer Work Queuing

A vulnerability in the Linux kernel's Bluetooth subsystem has been addressed. The issue arose when the Bluetooth host controller interface (HCI) workqueue was drained, preventing the proper scheduling of command timer works. This problem was reported by syzbot, which identified attempts to queue command work from a system workqueue into a drained Bluetooth workqueue. The vulnerability affected several versions of the Linux kernel.

Impact

Exploitation of this vulnerability could disrupt the normal operation of Bluetooth command processing, potentially leading to missed commands or improper handling of Bluetooth events.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for downloading the patched version are available on the official Linux kernel website.