Linux Kernel Bluetooth btsdio Component Use-After-Free Vulnerability Reversion

A vulnerability has been identified in the Linux kernel's Bluetooth btsdio component, specifically related to a use-after-free issue in the btsdio_remove function. This vulnerability arises from a race condition that was not properly managed, allowing for potential memory corruption. The problem was introduced by a previous commit that attempted to fix an unfinished work issue but inadvertently created a new problem by not correctly handling the work synchronization. The vulnerability exists in the stable branch of the Linux kernel.

Impact

Exploitation of this vulnerability could lead to a use-after-free condition, potentially allowing for memory corruption or arbitrary code execution.

Reproduction

The vulnerability can be reproduced by applying the original patch that introduced the use-after-free bug, which can be found in the Linux kernel's Bluetooth btsdio driver. After applying this patch, the btsdio_remove function can be called in a way that triggers the use-after-free condition, such as by simulating a race condition that interferes with the work synchronization.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been addressed. Instructions for downloading the patched version are available on the official Linux kernel website.