CVE-2024-24859: 
Linux Kernel vulnerability analysis and mitigation

A race condition vulnerability was discovered in the Linux kernel's net/bluetooth subsystem, specifically in the sniff_{min,max}_interval_set() function. The vulnerability was assigned CVE-2024-24859 and was first reported on February 1, 2024. This issue affects Linux kernel versions up to 3.19.8 and from version 6.0 up to 6.7.2, including version 6.8-rc1 (NVD).

The vulnerability stems from a race condition in the sniff_{min,max}interval_set() function where the validation of update parameters occurs without holding the appropriate lock. The hdev->sniff{min,max}_interval parameters could be modified after the validity check but before the actual update, potentially allowing invalid values where sniff_max_interval becomes smaller than sniff_min_interval. The vulnerability has been assigned a CVSS v3.1 base score of 4.8 (Medium) with the vector string CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H (NVD).

When exploited, this vulnerability can cause abnormal Bluetooth sniffing behavior as the hdev->sniff_{min,max}_interval parameters are crucial for Bluetooth operation. These parameters are used in the hci_conn_idle function to initialize hci_cp_sniff_subrate, which determines sniffing time intervals. Invalid parameter values can lead to Bluetooth sniffing exceptions and result in denial of service conditions (OpenAnolis).

The recommended fix involves expanding the buffer in the sniff_{min,max}_interval_set function and including the parameter validity check code within the hci_dev_lock critical section. A patch has been submitted to the Linux Kernel Bluetooth subsystem maintainers (OpenAnolis).