CVE-2025-21827

Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 06/03/2025
Last modified: 06/03/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: btusb: mediatek: Add locks for usb_driver_claim_interface()

The documentation for usb_driver_claim_interface() says that "the
device lock" is needed when the function is called from places other
than probe(). This appears to be the lock for the USB interface
device. The Mediatek btusb code gets called via this path:

  Workqueue: hci0 hci_power_on [bluetooth]
  Call trace:
   usb_driver_claim_interface
   btusb_mtk_claim_iso_intf
   btusb_mtk_setup
   hci_dev_open_sync
   hci_power_on
   process_scheduled_works
   worker_thread
   kthread

With the above call trace the device lock hasn't been claimed. Claim
it.

Without this fix, we'd sometimes see the error "Failed to claim iso
interface". Sometimes we'd even see worse errors, like a NULL pointer
dereference (where `intf->dev.driver` was NULL) with a trace like:

  Call trace:
   usb_suspend_both
   usb_runtime_suspend
   __rpm_callback
   rpm_suspend
   pm_runtime_work
   process_scheduled_works

Both errors appear to be fixed with the proper locking.
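
To check whether a host has hit either symptom named in the description, the following added example (not part of the advisory or the kernel patch) scans kernel log lines for the "Failed to claim iso interface" error and for a NULL pointer dereference whose trace contains usb_suspend_both. The sample log lines, the timestamps, the "Bluetooth: hci0:" prefix and the 40-line window are constructed assumptions.

```python
import re

CLAIM_FAIL = "Failed to claim iso interface"          # error string quoted in the description
NULL_DEREF = re.compile(r"NULL pointer dereference")  # appears in arm64 and x86 oops headers
TRACE_FUNC = "usb_suspend_both"                       # top frame of the trace in the description
WINDOW = 40  # assumption: max lines between an oops header and its trace frames


def scan(lines):
    """Return (line_no, kind) findings for the two symptoms of the missing lock."""
    findings = []
    oops_at = None  # line number of the most recent unmatched oops header
    for no, line in enumerate(lines, 1):
        if CLAIM_FAIL in line:
            findings.append((no, "claim-failed"))
        if NULL_DEREF.search(line):
            oops_at = no
        elif oops_at is not None:
            if no - oops_at > WINDOW:
                oops_at = None  # trace ended without the frame we care about
            elif TRACE_FUNC in line:
                findings.append((oops_at, "null-deref-in-usb-suspend"))
                oops_at = None
    return findings


# Constructed sample log, not taken from a real system.
SAMPLE = """\
[   12.001] Bluetooth: hci0: Failed to claim iso interface
[   98.440] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000038
[   98.441] Workqueue: pm pm_runtime_work
[   98.442] Call trace:
[   98.443]  usb_suspend_both+0x1c/0x2a0
[   98.444]  usb_runtime_suspend+0x3c/0x80
[  120.000] usb 1-1: new high-speed USB device number 3 using xhci_hcd
[  130.000] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000010
[  130.001] Call trace:
[  130.002]  some_other_driver_fn+0x10/0x40
""".splitlines()

if __name__ == "__main__":
    for no, kind in scan(SAMPLE):
        print(f"line {no}: {kind}")
```

An unrelated NULL dereference (the last oops in the sample) is not reported, because its trace never reaches usb_suspend_both.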

Impact