Linux Kernel Bluetooth btnxpuart TX Timeout Vulnerability in Power Save Mode

A Bluetooth transmission timeout vulnerability has been addressed in the Linux kernel's btnxpuart driver. This issue occurred during a power save stress test, where the interval between HCI commands matched the power save timeout of 2 seconds. The timeout was caused by a conflict between the power save mechanism and the transmission workflow, leading to missed commands and connection timeouts. The vulnerability affected several versions of the Linux kernel.

Impact

The vulnerability caused a Bluetooth transmission timeout, disrupting communication and potentially leading to missed commands and connection timeouts.

Reproduction

The vulnerability can be reproduced by loading the btnxpuart kernel module and enabling the power save feature on the Bluetooth interface. A script can be used to send advertising commands every 2 seconds, which will interfere with the power save mechanism and cause a transmission timeout error.

Remediation

Users can update to the latest version of the Linux kernel, where this vulnerability has been fixed. Instructions for downloading the updated kernel can be found on the official Linux kernel website.