Описание
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: hci_conn: Use disable_delayed_work_sync
This makes use of disable_delayed_work_sync instead
cancel_delayed_work_sync as it not only cancel the ongoing work but also
disables new submit which is disarable since the object holding the work
is about to be freed.
A flaw was found in the Bluetooth subsystem of the Linux kernel, in the handling of delayed work within the hci_conn (Host Controller Interface connection) structure. The kernel used cancel_delayed_work_sync() when shutting down a connection, which cancels ongoing work but allows rescheduling. This could result in use-after-free conditions if the work is resubmitted after the associated object has been freed. Replacing it with disable_delayed_work_sync() prevents further scheduling, ensuring proper cleanup. A local attacker could potentially exploit this to trigger a use-after-free, leading to a denial of service or possible code execution.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | kernel | Out of support scope | ||
| Red Hat Enterprise Linux 7 | kernel | Out of support scope | ||
| Red Hat Enterprise Linux 7 | kernel-rt | Out of support scope | ||
| Red Hat Enterprise Linux 8 | kernel | Out of support scope | ||
| Red Hat Enterprise Linux 8 | kernel-rt | Out of support scope | ||
| Red Hat Enterprise Linux 9 | kernel-rt | Affected | ||
| Red Hat Enterprise Linux 9 | kernel | Fixed | RHSA-2025:6966 | 13.05.2025 |
| Red Hat Enterprise Linux 9 | kernel | Fixed | RHSA-2025:6966 | 13.05.2025 |
Показывать по
Дополнительная информация
Статус:
EPSS
5.5 Medium
CVSS3
Связанные уязвимости
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_conn: Use disable_delayed_work_sync This makes use of disable_delayed_work_sync instead cancel_delayed_work_sync as it not only cancel the ongoing work but also disables new submit which is disarable since the object holding the work is about to be freed.
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_conn: Use disable_delayed_work_sync This makes use of disable_delayed_work_sync instead cancel_delayed_work_sync as it not only cancel the ongoing work but also disables new submit which is disarable since the object holding the work is about to be freed.
In the Linux kernel, the following vulnerability has been resolved: B ...
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_conn: Use disable_delayed_work_sync This makes use of disable_delayed_work_sync instead cancel_delayed_work_sync as it not only cancel the ongoing work but also disables new submit which is disarable since the object holding the work is about to be freed.
EPSS
5.5 Medium
CVSS3