CVE-2024-58238

EPSS 0.03%
Published 09.08.2025 14:31:47
Last modified 11.08.2025 18:32:48
Source 416baaa9-dc9f-4396-8d5f-8c081f
Teams watchlist Login
Open Login

In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: btnxpuart: Resolve TX timeout error in power save stress test

This fixes the tx timeout issue seen while running a stress test on
btnxpuart for couple of hours, such that the interval between two HCI
commands coincide with the power save timeout value of 2 seconds.

Test procedure using bash script:
<load btnxpuart.ko>
hciconfig hci0 up
//Enable Power Save feature
hcitool -i hci0 cmd 3f 23 02 00 00
while (true)
do
    hciconfig hci0 leadv
    sleep 2
    hciconfig hci0 noleadv
    sleep 2
done

Error log, after adding few more debug prints:
Bluetooth: btnxpuart_queue_skb(): 01 0A 20 01 00
Bluetooth: hci0: Set UART break: on, status=0
Bluetooth: hci0: btnxpuart_tx_wakeup() tx_work scheduled
Bluetooth: hci0: btnxpuart_tx_work() dequeue: 01 0A 20 01 00
Can't set advertise mode on hci0: Connection timed out (110)
Bluetooth: hci0: command 0x200a tx timeout

When the power save mechanism turns on UART break, and btnxpuart_tx_work()
is scheduled simultaneously, psdata->ps_state is read as PS_STATE_AWAKE,
which prevents the psdata->work from being scheduled, which is responsible
to turn OFF UART break.

This issue is fixed by adding a ps_lock mutex around UART break on/off as
well as around ps_state read/write.
btnxpuart_tx_wakeup() will now read updated ps_state value. If ps_state is
PS_STATE_SLEEP, it will first schedule psdata->work, and then it will
reschedule itself once UART break has been turned off and ps_state is
PS_STATE_AWAKE.

Tested above script for 50,000 iterations and TX timeout error was not
observed anymore.

Affected products Warnungen 0 Metrics 1 CWE 0 References 5

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

VendorLinux

≫

Product Linux

Default Statusunaffected

Version < 9d5df94ce0e213d5b549633f528f96114c736190

Version 689ca16e523278470c38832a3010645a78c544d8

Status affected

Version < e4db90e4eb8d5487098712ffb1048f3fa6d25e98

Version 689ca16e523278470c38832a3010645a78c544d8

Status affected

VendorLinux

≫

Product Linux

Default Statusaffected

Version 6.4

Status affected

Version < 6.4

Version 0

Status unaffected

Version <= 6.6.*

Version 6.6.49

Status unaffected

Version <= *

Version 6.9

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.03%	0.056

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string

https://git.kernel.org/stable/c/9d5df94ce0e213d5b549633f528f96114c736190

https://git.kernel.org/stable/c/e4db90e4eb8d5487098712ffb1048f3fa6d25e98

https://nvd.nist.gov/vuln/detail/CVE-2024-58238

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-58238

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-58238

EUVD