Linux Kernel Bluetooth Possible Deadlock Vulnerability in RFCOMM State Change Handling

A vulnerability in the Linux kernel's Bluetooth implementation could lead to a deadlock during RFCOMM state change operations. The issue arises because the function 'rfcomm_sock_connect' acquires a socket lock and waits for the RFCOMM lock, while 'rfcomm_sock_release' could simultaneously hold the RFCOMM lock and attempt to acquire the socket lock, creating a deadlock situation. This vulnerability has been addressed by modifying the lock management to prevent such a deadlock, ensuring that the socket lock is released before opening a DLC connection, and maintaining the socket's reference count to avoid use-after-free issues.

Impact

Exploitation of this vulnerability could lead to a deadlock condition, causing the system to hang or become unresponsive while waiting for locks to be released.