CVE-2024-58238
BaseFortify

Publication date: 2025-08-09

Last updated on: 2025-11-19

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: btnxpuart: Resolve TX timeout error in power save stress test

This fixes the tx timeout issue seen while running a stress test on btnxpuart for a couple of hours, such that the interval between two HCI commands coincides with the power save timeout value of 2 seconds.

Test procedure using bash script:

    <load btnxpuart.ko>
    hciconfig hci0 up
    # Enable Power Save feature
    hcitool -i hci0 cmd 3f 23 02 00 00
    while (true)
    do
        hciconfig hci0 leadv
        sleep 2
        hciconfig hci0 noleadv
        sleep 2
    done

Error log, after adding a few more debug prints:

    Bluetooth: btnxpuart_queue_skb(): 01 0A 20 01 00
    Bluetooth: hci0: Set UART break: on, status=0
    Bluetooth: hci0: btnxpuart_tx_wakeup() tx_work scheduled
    Bluetooth: hci0: btnxpuart_tx_work() dequeue: 01 0A 20 01 00
    Can't set advertise mode on hci0: Connection timed out (110)
    Bluetooth: hci0: command 0x200a tx timeout

When the power save mechanism turns on UART break, and btnxpuart_tx_work() is scheduled simultaneously, psdata->ps_state is read as PS_STATE_AWAKE, which prevents the psdata->work from being scheduled, which is responsible to turn OFF UART break.

This issue is fixed by adding a ps_lock mutex around UART break on/off as well as around ps_state read/write. btnxpuart_tx_wakeup() will now read updated ps_state value. If ps_state is PS_STATE_SLEEP, it will first schedule psdata->work, and then it will reschedule itself once UART break has been turned off and ps_state is PS_STATE_AWAKE.

Tested above script for 50,000 iterations and TX timeout error was not observed anymore.
Meta Information
Published: 2025-08-09
Last Modified: 2025-11-19
Generated: 2026-05-07
AI Q&A: 2025-08-09
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 2 associated CPEs

Vendor    Product         Version / Range
linux     linux_kernel    From 5.15.160 (inc) to 5.16 (inc)
linux     linux_kernel    From 5.15.160 (inc) to 5.16 (inc)
CWE ID Description
CWE-NVD-CWE-noinfo
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a transmission (TX) timeout error in the Linux kernel's Bluetooth btnxpuart driver. It occurs during power save stress tests when the interval between two HCI commands matches the power save timeout of 2 seconds. The issue arises because the UART break is turned on by the power save mechanism while a transmission work function is scheduled simultaneously. This causes a race condition where the power save state is incorrectly read as awake, preventing the work responsible for turning off the UART break from being scheduled. The fix involves adding a mutex lock around UART break control and power save state reads/writes to ensure proper synchronization, preventing the TX timeout error.


How can this vulnerability impact me?

This vulnerability can cause Bluetooth transmission timeouts on affected Linux systems, leading to failures in setting Bluetooth advertise mode and potentially disrupting Bluetooth communication. This can affect the reliability and stability of Bluetooth connections, especially under power save conditions or stress testing scenarios.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by running a stress test on the btnxpuart Bluetooth interface and observing for TX timeout errors. The provided test procedure involves loading the btnxpuart kernel module, bringing up the hci0 interface, enabling the Power Save feature, and repeatedly enabling and disabling Bluetooth advertising with 2-second intervals. The commands to use are:

1. Load btnxpuart module: <load btnxpuart.ko>
2. Bring up interface: hciconfig hci0 up
3. Enable Power Save: hcitool -i hci0 cmd 3f 23 02 00 00
4. Run loop:

    while (true)
    do
        hciconfig hci0 leadv
        sleep 2
        hciconfig hci0 noleadv
        sleep 2
    done

During this test, check system logs for error messages such as:

- "Can't set advertise mode on hci0: Connection timed out (110)"
- "Bluetooth: hci0: command 0x200a tx timeout"

These errors indicate the presence of the TX timeout issue.
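
One way to check kernel logs for the "tx timeout" signature quoted above, as an added example that is not part of the original page or the kernel commit. The function name summarise_tx_timeouts and the sample log are constructed for illustration; the opcode is split into OGF and OCF so that 0x200a can be recognised as the LE Set Advertising Enable command the test loop issues.

```bash
#!/usr/bin/env bash
# Added example: summarise HCI command timeouts found in kernel log text.
# Reads log lines on stdin and prints one line per (device, opcode):
#   <count> <hciN> <opcode> ogf=0x.. ocf=0x...

summarise_tx_timeouts() {
    # Keep only the "hciN: command 0xNNNN tx timeout" fragment of each line.
    grep -Eo 'hci[0-9]+: command 0x[0-9a-fA-F]{4} tx timeout' |
    sed -E 's/^(hci[0-9]+): command (0x[0-9a-fA-F]{4}) tx timeout$/\1 \2/' |
    sort | uniq -c |
    while read -r count dev opcode; do
        # An HCI opcode is OGF (upper 6 bits) << 10 | OCF (lower 10 bits).
        ogf=$(( $opcode >> 10 ))
        ocf=$(( $opcode & 0x3ff ))
        printf '%d %s %s ogf=0x%02x ocf=0x%03x\n' \
            "$count" "$dev" "$opcode" "$ogf" "$ocf"
    done
}

# Constructed sample log (timestamps and the hci1 / USB lines are made up).
SAMPLE_LOG='[ 7201.101] Bluetooth: hci0: command 0x200a tx timeout
[ 7205.204] Bluetooth: hci0: command 0x200a tx timeout
[ 7300.000] Bluetooth: hci1: command 0x0c03 tx timeout
[ 7301.000] usb 1-1: new high-speed USB device'

# Stand-alone run: summarise the constructed sample.
printf '%s\n' "$SAMPLE_LOG" | summarise_tx_timeouts
```

On a live system the same function can be fed from `dmesg` or `journalctl -k`. Repeated 0x200a (OGF 0x08, OCF 0x00a) timeouts on a device driven by btnxpuart match the log shown in the description.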


What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, update the Linux kernel to a version where the btnxpuart TX timeout issue has been fixed. The fix involves adding a mutex lock around UART break on/off and ps_state read/write to ensure proper synchronization, preventing the TX timeout error. Until the update is applied, avoid running the power save stress test scenario that triggers the issue or disable the power save feature on the btnxpuart Bluetooth interface to prevent the UART break and TX timeout condition.

