Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*, +4 more
A vulnerability in the Linux kernel's Bluetooth implementation has been addressed, specifically within the ISO (synchronous) protocol handling. The issue involved a circular locking dependency that could lead to a deadlock. This vulnerability was present in version 6.12.0-rc6 and possibly other versions. The problem arose because the socket lock was acquired before the ISO listening function was called, creating a scenario where two locks were held simultaneously, potentially causing a deadlock. The vulnerability has been resolved by releasing the socket lock prior to entering the ISO listening function, thereby preventing any conflict with the device lock.
Exploitation of this vulnerability could have led to a deadlock situation, where two processes are stuck waiting for each other to release locks, causing a freeze in the Bluetooth handling of the device.
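The lock-ordering problem described above, as an added example (not kernel code and not from the original page): a small checker records which lock is taken while another is held and reports a cycle in that ordering. The lock names, the replayed paths and the second, opposite-order path are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
/* Toy lock-order checker in the spirit of lockdep. All names are hypothetical. */
enum { SK_LOCK, DEV_LOCK, NLOCKS };   /* socket lock, device lock */
enum { ACQ, REL };
struct op { int kind, lock; };
static int edge[NLOCKS][NLOCKS];      /* edge[a][b]: b was taken while a was held */

/* Replay one code path, recording "held -> newly acquired" ordering edges. */
static void record_path(const struct op *ops, int n) {
    int held[NLOCKS] = {0};
    for (int i = 0; i < n; i++) {
        if (ops[i].kind == REL) { held[ops[i].lock] = 0; continue; }
        for (int h = 0; h < NLOCKS; h++)
            if (held[h]) edge[h][ops[i].lock] = 1;
        held[ops[i].lock] = 1;
    }
}

/* Transitive closure: a lock that can reach itself is a circular dependency. */
static int has_cycle(void) {
    int r[NLOCKS][NLOCKS];
    memcpy(r, edge, sizeof r);
    for (int k = 0; k < NLOCKS; k++)
        for (int i = 0; i < NLOCKS; i++)
            for (int j = 0; j < NLOCKS; j++)
                if (r[i][k] && r[k][j]) r[i][j] = 1;
    for (int i = 0; i < NLOCKS; i++)
        if (r[i][i]) return 1;
    return 0;
}

/* Constructed path, before the fix: socket lock held while the device lock is taken. */
static const struct op listen_before[] = {{ACQ,SK_LOCK},{ACQ,DEV_LOCK},{REL,DEV_LOCK},{REL,SK_LOCK}};
/* Constructed path, after the fix: socket lock released before the device lock is taken. */
static const struct op listen_after[]  = {{ACQ,SK_LOCK},{REL,SK_LOCK},{ACQ,DEV_LOCK},{REL,DEV_LOCK}};
/* Assumed second path that takes the two locks in the opposite order. */
static const struct op other_path[]    = {{ACQ,DEV_LOCK},{ACQ,SK_LOCK},{REL,SK_LOCK},{REL,DEV_LOCK}};
/* Returns 1 if the given listen path combined with other_path can deadlock. */
static int can_deadlock(const struct op *listen, int n) {
    memset(edge, 0, sizeof edge);
    record_path(listen, n);
    record_path(other_path, 4);
    return has_cycle();
}

int main(void) {
    printf("before fix: %d, after fix: %d\n", can_deadlock(listen_before, 4), can_deadlock(listen_after, 4));
}
```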