CVE-2024-24858: 
Linux Kernel vulnerability analysis and mitigation

A race condition vulnerability was discovered in the Linux kernel's net/bluetooth subsystem, specifically in the {conn,adv}_{min,max}_interval_set() function (CVE-2024-24858). The vulnerability was reported on February 1, 2024, affecting Linux kernel versions from 3.19.8 through 6.7.12. This vulnerability impacts the Bluetooth subsystem's handling of connection and advertising interval parameters (NVD, Ubuntu).

The vulnerability exists in the {conn,adv}{min,max}interval_set() function used to update hdev->le{conn,adv}{min,max}interval parameters. The function lacks proper synchronization when validating parameter updates, potentially allowing the le{conn,adv}_{min,max}interval values to be modified between validation and actual update. This race condition can result in writing invalid interval values where le{conn,adv}max_interval becomes smaller than le{conn,adv}_min_interval. The vulnerability has been assigned a CVSS v3.1 base score of 5.3 (Medium) with vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H (OpenAnolis, NVD).

The vulnerability affects the Bluetooth component's critical parameters used in l2cap connection and broadcast timing initialization. When exploited, it can cause abnormal behavior in Bluetooth l2cap connections or broadcasting, potentially leading to denial of service conditions. The impact is particularly significant for systems relying on Bluetooth connectivity (OpenAnolis).

The vulnerability has been fixed by expanding the critical section in the {conn,adv}_{min,max}_interval_set() function to include parameter validation within the hci_dev_lock protected region. A patch has been submitted to the Linux Kernel Bluetooth subsystem maintainers and has been incorporated into various distribution updates. Multiple Linux distributions have released security updates to address this vulnerability, including Ubuntu, Debian, and others (OpenAnolis, Debian).