CVE-2024-44962: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-44962 affects the Linux kernel's Bluetooth btnxpuart driver. The vulnerability was discovered in September 2024 and involves a timer deletion issue during driver unloading that can lead to kernel panic. The vulnerability affects Linux kernel versions up to (excluding) 6.6.46 and versions from 6.7 up to (excluding) 6.10.5 (NVD).

The vulnerability occurs when unloading the btnxpuart driver, where its associated timer is deleted. If the timer happens to be modified at the moment of deletion, it leads to the kernel calling this timer even after the driver is unloaded, resulting in kernel panic. The issue has been assigned a CVSS v3.1 base score of 5.5 (Medium) with vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

When successfully exploited, this vulnerability results in a kernel panic, effectively causing a denial of service condition on the affected system. The impact is limited to availability, with no direct effect on confidentiality or integrity (NVD).

The vulnerability has been fixed by replacing del_timer_sync() with timer_shutdown_sync() to prevent timer rearming during driver unloading. The fix has been implemented in various Linux kernel versions, including 6.8.0-50.51 for Ubuntu 24.04 LTS. Users should update their systems to the patched versions (Kernel Patch).