{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-58238", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-04-16T07:19:43.804Z", "datePublished": "2025-08-09T14:31:47.079Z", "dateUpdated": "2025-08-09T14:31:47.079Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-08-09T14:31:47.079Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: btnxpuart: Resolve TX timeout error in power save stress test\n\nThis fixes the tx timeout issue seen while running a stress test on\nbtnxpuart for couple of hours, such that the interval between two HCI\ncommands coincide with the power save timeout value of 2 seconds.\n\nTest procedure using bash script:\n<load btnxpuart.ko>\nhciconfig hci0 up\n//Enable Power Save feature\nhcitool -i hci0 cmd 3f 23 02 00 00\nwhile (true)\ndo\n hciconfig hci0 leadv\n sleep 2\n hciconfig hci0 noleadv\n sleep 2\ndone\n\nError log, after adding few more debug prints:\nBluetooth: btnxpuart_queue_skb(): 01 0A 20 01 00\nBluetooth: hci0: Set UART break: on, status=0\nBluetooth: hci0: btnxpuart_tx_wakeup() tx_work scheduled\nBluetooth: hci0: btnxpuart_tx_work() dequeue: 01 0A 20 01 00\nCan't set advertise mode on hci0: Connection timed out (110)\nBluetooth: hci0: command 0x200a tx timeout\n\nWhen the power save mechanism turns on UART break, and btnxpuart_tx_work()\nis scheduled simultaneously, psdata->ps_state is read as PS_STATE_AWAKE,\nwhich prevents the psdata->work from being scheduled, which is responsible\nto turn OFF UART break.\n\nThis issue is fixed by adding a ps_lock mutex around UART break on/off as\nwell as around ps_state read/write.\nbtnxpuart_tx_wakeup() will now read updated ps_state value. If ps_state is\nPS_STATE_SLEEP, it will first schedule psdata->work, and then it will\nreschedule itself once UART break has been turned off and ps_state is\nPS_STATE_AWAKE.\n\nTested above script for 50,000 iterations and TX timeout error was not\nobserved anymore."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/bluetooth/btnxpuart.c"], "versions": [{"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "9d5df94ce0e213d5b549633f528f96114c736190", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "e4db90e4eb8d5487098712ffb1048f3fa6d25e98", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/bluetooth/btnxpuart.c"], "versions": [{"version": "6.6.49", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.9", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.6.49"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.9"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/9d5df94ce0e213d5b549633f528f96114c736190"}, {"url": "https://git.kernel.org/stable/c/e4db90e4eb8d5487098712ffb1048f3fa6d25e98"}], "title": "Bluetooth: btnxpuart: Resolve TX timeout error in power save stress test", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: btnxpuart: Resolve TX timeout error in power save stress test\n\nThis fixes the tx timeout issue seen while running a stress test on\nbtnxpuart for couple of hours, such that the interval between two HCI\ncommands coincide with the power save timeout value of 2 seconds.\n\nTest procedure using bash script:\n<load btnxpuart.ko>\nhciconfig hci0 up\n//Enable Power Save feature\nhcitool -i hci0 cmd 3f 23 02 00 00\nwhile (true)\ndo\n hciconfig hci0 leadv\n sleep 2\n hciconfig hci0 noleadv\n sleep 2\ndone\n\nError log, after adding few more debug prints:\nBluetooth: btnxpuart_queue_skb(): 01 0A 20 01 00\nBluetooth: hci0: Set UART break: on, status=0\nBluetooth: hci0: btnxpuart_tx_wakeup() tx_work scheduled\nBluetooth: hci0: btnxpuart_tx_work() dequeue: 01 0A 20 01 00\nCan't set advertise mode on hci0: Connection timed out (110)\nBluetooth: hci0: command 0x200a tx timeout\n\nWhen the power save mechanism turns on UART break, and btnxpuart_tx_work()\nis scheduled simultaneously, psdata->ps_state is read as PS_STATE_AWAKE,\nwhich prevents the psdata->work from being scheduled, which is responsible\nto turn OFF UART break.\n\nThis issue is fixed by adding a ps_lock mutex around UART break on/off as\nwell as around ps_state read/write.\nbtnxpuart_tx_wakeup() will now read updated ps_state value. If ps_state is\nPS_STATE_SLEEP, it will first schedule psdata->work, and then it will\nreschedule itself once UART break has been turned off and ps_state is\nPS_STATE_AWAKE.\n\nTested above script for 50,000 iterations and TX timeout error was not\nobserved anymore."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: Bluetooth: btnxpuart: resolver error de tiempo de espera de TX en la prueba de esfuerzo de ahorro de energ\u00eda Esto corrige el problema de tiempo de espera de TX observado al ejecutar una prueba de esfuerzo en btnxpuart durante un par de horas, de modo que el intervalo entre dos comandos HCI coincida con el valor de tiempo de espera de ahorro de energ\u00eda de 2 segundos. Procedimiento de prueba usando script bash: hciconfig hci0 up //Habilitar funci\u00f3n de ahorro de energ\u00eda hcitool -i hci0 cmd 3f 23 02 00 00 while (true) do hciconfig hci0 leadv sleep 2 hciconfig hci0 noleadv sleep 2 done Registro de errores, despu\u00e9s de agregar algunas impresiones de depuraci\u00f3n m\u00e1s: Bluetooth: btnxpuart_queue_skb(): 01 0A 20 01 00 Bluetooth: hci0: Establecer UART break: activado, estado=0 Bluetooth: hci0: btnxpuart_tx_wakeup() tx_work programado Bluetooth: hci0: btnxpuart_tx_work() dequeue: 01 0A 20 01 00 No se puede establecer el modo de anuncio en hci0: Se agot\u00f3 el tiempo de conexi\u00f3n (110) Bluetooth: hci0: comando 0x200a Tiempo de espera de TX: Cuando el mecanismo de ahorro de energ\u00eda activa la interrupci\u00f3n de UART y btnxpuart_tx_work() se programa simult\u00e1neamente, psdata-&gt;ps_state se lee como PS_STATE_AWAKE, lo que impide que se programe psdata-&gt;work, que es responsable de desactivar la interrupci\u00f3n de UART. Este problema se soluciona a\u00f1adiendo un mutex ps_lock alrededor de la activaci\u00f3n/desactivaci\u00f3n de la interrupci\u00f3n de UART, as\u00ed como alrededor de la lectura/escritura de ps_state. btnxpuart_tx_wakeup() ahora leer\u00e1 el valor actualizado de ps_state. Si ps_state es PS_STATE_SLEEP, primero programar\u00e1 psdata-&gt;work y luego se reprogramar\u00e1 a s\u00ed mismo una vez que la interrupci\u00f3n de UART se haya desactivado y ps_state sea PS_STATE_AWAKE. Prob\u00e9 el script anterior durante 50,000 iteraciones y el error de tiempo de espera de TX ya no se observ\u00f3."}], "id": "CVE-2024-58238", "lastModified": "2025-08-11T18:32:48.867", "metrics": {}, "published": "2025-08-09T15:15:27.893", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/9d5df94ce0e213d5b549633f528f96114c736190"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/e4db90e4eb8d5487098712ffb1048f3fa6d25e98"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: Bluetooth: btnxpuart: Resolve TX timeout error in power save stress test", "id": "2387389", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2387389"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "details": ["No description is available for this CVE."], "name": "CVE-2024-58238", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-08-09T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-58238\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-58238\nhttps://lore.kernel.org/linux-cve-announce/2025080948-CVE-2024-58238-fd48@gregkh/T"], "threat_severity": "Moderate"}

{"created": "2025-08-12T07:45:34.404379+00:00", "updated": "2025-08-12T07:45:34.404451+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"]}