CVE-2024-46680: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-46680 affects the Linux kernel's Bluetooth btnxpuart driver. The vulnerability was discovered in the driver's power save feature, which could cause random kernel crashes during driver removal. The issue affects Linux kernel versions from 6.4 up to (excluding) 6.6.49, versions from 6.7 up to (excluding) 6.10.8, and various release candidates of version 6.11 (NVD).

The vulnerability stems from a race condition in the btnxpuart driver's power management code. Specifically, the pswakeup() call in btnxpuartclose() schedules the psdata->work(), which could get executed after the module is removed, leading to a kernel crash. This issue became more prominent after Power Save was enabled by default in commit 4183a7be7700. The vulnerability has a CVSS v3.1 base score of 5.5 (MEDIUM) with vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD, Kernel Patch).

When exploited, this vulnerability can cause a kernel crash (denial of service) during the driver removal process. The issue manifests as an 'Unable to handle kernel paging request' error, leading to a system crash. This particularly affects systems that frequently load and unload the btnxpuart Bluetooth driver (Kernel Patch).

The vulnerability has been fixed in the Linux kernel through the introduction of a new pscleanup() function that properly handles the power state cleanup during driver removal. The fix includes deasserting UART break immediately while closing the serdev device, canceling any scheduled pswork, and destroying the ps_lock mutex in the correct order (Kernel Patch).