CVE-2024-44962

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> Bluetooth: btnxpuart: Shutdown timer and prevent rearming when driver unloading<br /> <br /> When unload the btnxpuart driver, its associated timer will be deleted.<br /> If the timer happens to be modified at this moment, it leads to the<br /> kernel call this timer even after the driver unloaded, resulting in<br /> kernel panic.<br /> Use timer_shutdown_sync() instead of del_timer_sync() to prevent rearming.<br /> <br /> panic log:<br /> Internal error: Oops: 0000000086000007 [#1] PREEMPT SMP<br /> Modules linked in: algif_hash algif_skcipher af_alg moal(O) mlan(O) crct10dif_ce polyval_ce polyval_generic snd_soc_imx_card snd_soc_fsl_asoc_card snd_soc_imx_audmux mxc_jpeg_encdec v4l2_jpeg snd_soc_wm8962 snd_soc_fsl_micfil snd_soc_fsl_sai flexcan snd_soc_fsl_utils ap130x rpmsg_ctrl imx_pcm_dma can_dev rpmsg_char pwm_fan fuse [last unloaded: btnxpuart]<br /> CPU: 5 PID: 723 Comm: memtester Tainted: G O 6.6.23-lts-next-06207-g4aef2658ac28 #1<br /> Hardware name: NXP i.MX95 19X19 board (DT)<br /> pstate: 20400009 (nzCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)<br /> pc : 0xffff80007a2cf464<br /> lr : call_timer_fn.isra.0+0x24/0x80<br /> ...<br /> Call trace:<br /> 0xffff80007a2cf464<br /> __run_timers+0x234/0x280<br /> run_timer_softirq+0x20/0x40<br /> __do_softirq+0x100/0x26c<br /> ____do_softirq+0x10/0x1c<br /> call_on_irq_stack+0x24/0x4c<br /> do_softirq_own_stack+0x1c/0x2c<br /> irq_exit_rcu+0xc0/0xdc<br /> el0_interrupt+0x54/0xd8<br /> __el0_irq_handler_common+0x18/0x24<br /> el0t_64_irq_handler+0x10/0x1c<br /> el0t_64_irq+0x190/0x194<br /> Code: ???????? ???????? ???????? ???????? (????????)<br /> ---[ end trace 0000000000000000 ]---<br /> Kernel panic - not syncing: Oops: Fatal exception in interrupt<br /> SMP: stopping secondary CPUs<br /> Kernel Offset: disabled<br /> CPU features: 0x0,c0000000,40028143,1000721b<br /> Memory Limit: none<br /> ---[ end Kernel panic - not syncing: Oops: Fatal exception in interrupt ]---