fkie_cve-2024-58238
Vulnerability from fkie_nvd
Published
2025-08-09 15:15
Modified
2025-08-11 18:32
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btnxpuart: Resolve TX timeout error in power save stress test This fixes the tx timeout issue seen while running a stress test on btnxpuart for couple of hours, such that the interval between two HCI commands coincide with the power save timeout value of 2 seconds. Test procedure using bash script: <load btnxpuart.ko> hciconfig hci0 up //Enable Power Save feature hcitool -i hci0 cmd 3f 23 02 00 00 while (true) do hciconfig hci0 leadv sleep 2 hciconfig hci0 noleadv sleep 2 done Error log, after adding few more debug prints: Bluetooth: btnxpuart_queue_skb(): 01 0A 20 01 00 Bluetooth: hci0: Set UART break: on, status=0 Bluetooth: hci0: btnxpuart_tx_wakeup() tx_work scheduled Bluetooth: hci0: btnxpuart_tx_work() dequeue: 01 0A 20 01 00 Can't set advertise mode on hci0: Connection timed out (110) Bluetooth: hci0: command 0x200a tx timeout When the power save mechanism turns on UART break, and btnxpuart_tx_work() is scheduled simultaneously, psdata->ps_state is read as PS_STATE_AWAKE, which prevents the psdata->work from being scheduled, which is responsible to turn OFF UART break. This issue is fixed by adding a ps_lock mutex around UART break on/off as well as around ps_state read/write. btnxpuart_tx_wakeup() will now read updated ps_state value. If ps_state is PS_STATE_SLEEP, it will first schedule psdata->work, and then it will reschedule itself once UART break has been turned off and ps_state is PS_STATE_AWAKE. Tested above script for 50,000 iterations and TX timeout error was not observed anymore.
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/9d5df94ce0e213d5b549633f528f96114c736190
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/e4db90e4eb8d5487098712ffb1048f3fa6d25e98
Impacted products
Vendor Product Version


To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: btnxpuart: Resolve TX timeout error in power save stress test\n\nThis fixes the tx timeout issue seen while running a stress test on\nbtnxpuart for couple of hours, such that the interval between two HCI\ncommands coincide with the power save timeout value of 2 seconds.\n\nTest procedure using bash script:\n\u003cload btnxpuart.ko\u003e\nhciconfig hci0 up\n//Enable Power Save feature\nhcitool -i hci0 cmd 3f 23 02 00 00\nwhile (true)\ndo\n    hciconfig hci0 leadv\n    sleep 2\n    hciconfig hci0 noleadv\n    sleep 2\ndone\n\nError log, after adding few more debug prints:\nBluetooth: btnxpuart_queue_skb(): 01 0A 20 01 00\nBluetooth: hci0: Set UART break: on, status=0\nBluetooth: hci0: btnxpuart_tx_wakeup() tx_work scheduled\nBluetooth: hci0: btnxpuart_tx_work() dequeue: 01 0A 20 01 00\nCan\u0027t set advertise mode on hci0: Connection timed out (110)\nBluetooth: hci0: command 0x200a tx timeout\n\nWhen the power save mechanism turns on UART break, and btnxpuart_tx_work()\nis scheduled simultaneously, psdata-\u003eps_state is read as PS_STATE_AWAKE,\nwhich prevents the psdata-\u003ework from being scheduled, which is responsible\nto turn OFF UART break.\n\nThis issue is fixed by adding a ps_lock mutex around UART break on/off as\nwell as around ps_state read/write.\nbtnxpuart_tx_wakeup() will now read updated ps_state value. If ps_state is\nPS_STATE_SLEEP, it will first schedule psdata-\u003ework, and then it will\nreschedule itself once UART break has been turned off and ps_state is\nPS_STATE_AWAKE.\n\nTested above script for 50,000 iterations and TX timeout error was not\nobserved anymore."
    },
    {
      "lang": "es",
      "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: Bluetooth: btnxpuart: resolver error de tiempo de espera de TX en la prueba de esfuerzo de ahorro de energ\u00eda Esto corrige el problema de tiempo de espera de TX observado al ejecutar una prueba de esfuerzo en btnxpuart durante un par de horas, de modo que el intervalo entre dos comandos HCI coincida con el valor de tiempo de espera de ahorro de energ\u00eda de 2 segundos. Procedimiento de prueba usando script bash:  hciconfig hci0 up //Habilitar funci\u00f3n de ahorro de energ\u00eda hcitool -i hci0 cmd 3f 23 02 00 00 while (true) do hciconfig hci0 leadv sleep 2 hciconfig hci0 noleadv sleep 2 done Registro de errores, despu\u00e9s de agregar algunas impresiones de depuraci\u00f3n m\u00e1s: Bluetooth: btnxpuart_queue_skb(): 01 0A 20 01 00 Bluetooth: hci0: Establecer UART break: activado, estado=0 Bluetooth: hci0: btnxpuart_tx_wakeup() tx_work programado Bluetooth: hci0: btnxpuart_tx_work() dequeue: 01 0A 20 01 00 No se puede establecer el modo de anuncio en hci0: Se agot\u00f3 el tiempo de conexi\u00f3n (110) Bluetooth: hci0: comando 0x200a Tiempo de espera de TX: Cuando el mecanismo de ahorro de energ\u00eda activa la interrupci\u00f3n de UART y btnxpuart_tx_work() se programa simult\u00e1neamente, psdata-\u0026gt;ps_state se lee como PS_STATE_AWAKE, lo que impide que se programe psdata-\u0026gt;work, que es responsable de desactivar la interrupci\u00f3n de UART. Este problema se soluciona a\u00f1adiendo un mutex ps_lock alrededor de la activaci\u00f3n/desactivaci\u00f3n de la interrupci\u00f3n de UART, as\u00ed como alrededor de la lectura/escritura de ps_state. btnxpuart_tx_wakeup() ahora leer\u00e1 el valor actualizado de ps_state. Si ps_state es PS_STATE_SLEEP, primero programar\u00e1 psdata-\u0026gt;work y luego se reprogramar\u00e1 a s\u00ed mismo una vez que la interrupci\u00f3n de UART se haya desactivado y ps_state sea PS_STATE_AWAKE. Prob\u00e9 el script anterior durante 50,000 iteraciones y el error de tiempo de espera de TX ya no se observ\u00f3."
    }
  ],
  "id": "CVE-2024-58238",
  "lastModified": "2025-08-11T18:32:48.867",
  "metrics": {},
  "published": "2025-08-09T15:15:27.893",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/9d5df94ce0e213d5b549633f528f96114c736190"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/e4db90e4eb8d5487098712ffb1048f3fa6d25e98"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Awaiting Analysis"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.