{"id":"CVE-2024-54460","summary":"Bluetooth: iso: Fix circular lock in iso_listen_bis","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: iso: Fix circular lock in iso_listen_bis\n\nThis fixes the circular locking dependency warning below, by\nreleasing the socket lock before enterning iso_listen_bis, to\navoid any potential deadlock with hdev lock.\n\n[   75.307983] ======================================================\n[   75.307984] WARNING: possible circular locking dependency detected\n[   75.307985] 6.12.0-rc6+ #22 Not tainted\n[   75.307987] ------------------------------------------------------\n[   75.307987] kworker/u81:2/2623 is trying to acquire lock:\n[   75.307988] ffff8fde1769da58 (sk_lock-AF_BLUETOOTH-BTPROTO_ISO)\n               at: iso_connect_cfm+0x253/0x840 [bluetooth]\n[   75.308021]\n               but task is already holding lock:\n[   75.308022] ffff8fdd61a10078 (&hdev-\u003elock)\n               at: hci_le_per_adv_report_evt+0x47/0x2f0 [bluetooth]\n[   75.308053]\n               which lock already depends on the new lock.\n\n[   75.308054]\n               the existing dependency chain (in reverse order) is:\n[   75.308055]\n               -\u003e #1 (&hdev-\u003elock){+.+.}-{3:3}:\n[   75.308057]        __mutex_lock+0xad/0xc50\n[   75.308061]        mutex_lock_nested+0x1b/0x30\n[   75.308063]        iso_sock_listen+0x143/0x5c0 [bluetooth]\n[   75.308085]        __sys_listen_socket+0x49/0x60\n[   75.308088]        __x64_sys_listen+0x4c/0x90\n[   75.308090]        x64_sys_call+0x2517/0x25f0\n[   75.308092]        do_syscall_64+0x87/0x150\n[   75.308095]        entry_SYSCALL_64_after_hwframe+0x76/0x7e\n[   75.308098]\n               -\u003e #0 (sk_lock-AF_BLUETOOTH-BTPROTO_ISO){+.+.}-{0:0}:\n[   75.308100]        __lock_acquire+0x155e/0x25f0\n[   75.308103]        lock_acquire+0xc9/0x300\n[   75.308105]        lock_sock_nested+0x32/0x90\n[   75.308107]        iso_connect_cfm+0x253/0x840 [bluetooth]\n[   75.308128]        hci_connect_cfm+0x6c/0x190 [bluetooth]\n[   75.308155]        hci_le_per_adv_report_evt+0x27b/0x2f0 [bluetooth]\n[   75.308180]        hci_le_meta_evt+0xe7/0x200 [bluetooth]\n[   75.308206]        hci_event_packet+0x21f/0x5c0 [bluetooth]\n[   75.308230]        hci_rx_work+0x3ae/0xb10 [bluetooth]\n[   75.308254]        process_one_work+0x212/0x740\n[   75.308256]        worker_thread+0x1bd/0x3a0\n[   75.308258]        kthread+0xe4/0x120\n[   75.308259]        ret_from_fork+0x44/0x70\n[   75.308261]        ret_from_fork_asm+0x1a/0x30\n[   75.308263]\n               other info that might help us debug this:\n\n[   75.308264]  Possible unsafe locking scenario:\n\n[   75.308264]        CPU0                CPU1\n[   75.308265]        ----                ----\n[   75.308265]   lock(&hdev-\u003elock);\n[   75.308267]                            lock(sk_lock-\n                                                AF_BLUETOOTH-BTPROTO_ISO);\n[   75.308268]                            lock(&hdev-\u003elock);\n[   75.308269]   lock(sk_lock-AF_BLUETOOTH-BTPROTO_ISO);\n[   75.308270]\n                *** DEADLOCK ***\n\n[   75.308271] 4 locks held by kworker/u81:2/2623:\n[   75.308272]  #0: ffff8fdd66e52148 ((wq_completion)hci0#2){+.+.}-{0:0},\n                at: process_one_work+0x443/0x740\n[   75.308276]  #1: ffffafb488b7fe48 ((work_completion)(&hdev-\u003erx_work)),\n                at: process_one_work+0x1ce/0x740\n[   75.308280]  #2: ffff8fdd61a10078 (&hdev-\u003elock){+.+.}-{3:3}\n                at: hci_le_per_adv_report_evt+0x47/0x2f0 [bluetooth]\n[   75.308304]  #3: ffffffffb6ba4900 (rcu_read_lock){....}-{1:2},\n                at: hci_connect_cfm+0x29/0x190 [bluetooth]","modified":"2026-04-02T12:23:59.860245Z","published":"2025-01-11T12:29:53.553Z","related":["USN-7379-2","USN-7380-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/54xxx/CVE-2024-54460.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/168e28305b871d8ec604a8f51f35467b8d7ba05b"},{"type":"WEB","url":"https://git.kernel.org/stable/c/c541d7b5e17987ed330798b07d4ad508859c1c93"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/54xxx/CVE-2024-54460.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-54460"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"02171da6e86a73e1b343b36722f5d9d5c04b3539"},{"fixed":"c541d7b5e17987ed330798b07d4ad508859c1c93"},{"fixed":"168e28305b871d8ec604a8f51f35467b8d7ba05b"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"0"},{"last_affected":"a6c3af0a620082d191dabc69c4925b3e6c26dd48"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-54460.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}