Linux Kernel Bluetooth Command Synchronization Vulnerability

A vulnerability in the Linux kernel's Bluetooth subsystem has been addressed. The issue was related to the command synchronization function 'hci_cmd_sync_queue_once()', which did not properly indicate whether a command had been successfully queued. This lack of feedback could lead to resource leaks. The vulnerability affected the stable versions of the Linux kernel.

Impact

The vulnerability could cause resource leaks by not properly managing queued command synchronization, potentially leading to degraded system performance or stability.

Reproduction

The vulnerability can be reproduced by calling the 'hci_cmd_sync_queue_once()' function in a context where a command synchronization queue item already exists. The function will return -EEXIST, indicating that the item was not added because it was already present in the queue. This behavior can be observed in several Bluetooth command handling functions that rely on 'hci_cmd_sync_queue_once()' to manage synchronization callbacks.

Remediation

Users can upgrade to the latest stable version of the Linux kernel, where this vulnerability has been fixed. Instructions for downloading the updated kernel can be found on the official Linux kernel website.