In the Linux kernel, a recently resolved vulnerability (CVE-2024-53144) affects the Bluetooth subsystem. It concerns aligning BR/EDR (Basic Rate/Enhanced Data Rate) JUST_WORKS pairing with LE (Low Energy) in the Bluetooth HCI (Host Controller Interface) event handling. In this long-read post, we discuss the details of the vulnerability, show the code snippet that addresses the issue, and list the original references that help you understand and resolve the problem.

Vulnerability Details

The vulnerability (CVE-2024-53144) concerns the Bluetooth subsystem of the Linux kernel, specifically the way the HCI event handler treats the JUST_WORKS association model used in BR/EDR and LE pairing. It could allow an attacker to bypass the user confirmation step of JUST_WORKS pairing and so complete pairing of a rogue device with a user's Bluetooth-equipped system without the user being asked. This could lead to unauthorized access to the user's system or to data theft.
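As an added illustration (not the page's snippet and not the kernel's own code), the following C model captures the decision the HCI event handler makes on a BR/EDR User Confirmation Request before and after the fix; the context fields, function names and rule set are assumptions chosen to keep the model small, and the change it reflects is that JUST_WORKS pairing is no longer auto-accepted inside the kernel but handed to user space with confirm_hint set, as LE pairing already was.

```c
/* Added example, not the page's snippet nor the kernel's own code: a simplified
 * model of the BR/EDR User Confirmation Request decision before and after the
 * fix. Field names, function names and the rule set are assumptions. */
#include <stdbool.h>

enum confirm_action {
    AUTO_ACCEPT,      /* kernel answers the HCI User Confirmation Request itself */
    ASK_USER_HINTED,  /* handed to user space with confirm_hint = 1 */
    ASK_USER_COMPARE, /* handed to user space with confirm_hint = 0 (show passkey) */
};

struct pairing_ctx {
    bool loc_mitm;      /* local side requires MITM protection */
    bool rem_mitm;      /* remote side requires MITM protection */
    bool loc_no_io;     /* local IO capability is NoInputNoOutput */
    bool rem_no_io;     /* remote IO capability is NoInputNoOutput */
    bool auth_pending;  /* local side initiated the authentication */
    bool have_link_key; /* host already stores a link key for this peer */
};

/* JUST_WORKS applies when neither side can actually enforce MITM protection. */
static bool is_just_works(const struct pairing_ctx *c)
{
    return (!c->loc_mitm || c->rem_no_io) && (!c->rem_mitm || c->loc_no_io);
}

/* Before the fix: a JUST_WORKS request from an unknown peer was auto-accepted
 * inside the kernel, so user space never got a chance to reject it. */
enum confirm_action decide_before_fix(const struct pairing_ctx *c)
{
    if (!is_just_works(c))
        return ASK_USER_COMPARE;
    if (!c->auth_pending && !c->loc_no_io && (c->loc_mitm || c->rem_mitm))
        return ASK_USER_HINTED;
    if (c->have_link_key)
        return ASK_USER_HINTED;
    return AUTO_ACCEPT;
}

/* After the fix (aligned with LE): every JUST_WORKS request is passed to user
 * space with confirm_hint set, so bluetoothd applies its own pairing policy. */
enum confirm_action decide_after_fix(const struct pairing_ctx *c)
{
    if (!is_just_works(c))
        return ASK_USER_COMPARE;
    return ASK_USER_HINTED;
}
```

The unknown NoInputNoOutput peer with no stored link key is the case that changes: it is auto-accepted by the old rule and deferred to user space by the new one.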

Code Snippet

The following code snippet is the patch for this vulnerability as referenced in the original commit 92516cd97fd4 (elided parts are marked with /* … */):

/* … */
static void hci_event_sec_request(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_evt_sec_request *ev = (void *) skb->data;
	struct inquiry_entry *ie;
	struct hci_conn *conn;

	/* Look up the inquiry-cache entry and any existing ACL link for the peer address */
	ie = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
						  ev->bdaddr.b);
	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);

	/* Hold an existing connection so it cannot be freed while the event is handled */
	if (conn) {
		hci_conn_hold(conn);
		goto conn_already_exist;
	}
/* … */
}
/* … */
static void hci_event_link_key_notify(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_evt_link_key_notify *ev = (void *) skb->data;
	struct hci_conn *conn;

	/* Ignore link keys for peers we have no ACL connection with */
	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
	if (!conn)
		return;
/* … */
}

Original References

For further details and context about the vulnerability and its resolution, the following references provide valuable insights:

- Linux kernel source code
- Original commit 92516cd97fd4
- Bluetooth Specification, version 5.3

Conclusion

The recent Linux kernel vulnerability CVE-2024-53144 presented a security risk for systems that use Bluetooth connections. By aligning the BR/EDR JUST_WORKS method with LE, the vulnerability has been patched. Understanding the issue and applying the patch, or running a kernel that already includes it, protects your systems from this threat and keeps pairing decisions under the user's control.

Timeline

Published on: 12/17/2024 16:15:25 UTC
Last modified on: 12/19/2024 09:40:20 UTC