cve/2024/CVE-2024-58238.md

### [CVE-2024-58238](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58238)
![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=6.4%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=689ca16e523278470c38832a3010645a78c544d8%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=blue)

### Description

In the Linux kernel, the following vulnerability has been resolved:Bluetooth: btnxpuart: Resolve TX timeout error in power save stress testThis fixes the tx timeout issue seen while running a stress test onbtnxpuart for couple of hours, such that the interval between two HCIcommands coincide with the power save timeout value of 2 seconds.Test procedure using bash script:<load btnxpuart.ko>hciconfig hci0 up//Enable Power Save featurehcitool -i hci0 cmd 3f 23 02 00 00while (true)do    hciconfig hci0 leadv    sleep 2    hciconfig hci0 noleadv    sleep 2doneError log, after adding few more debug prints:Bluetooth: btnxpuart_queue_skb(): 01 0A 20 01 00Bluetooth: hci0: Set UART break: on, status=0Bluetooth: hci0: btnxpuart_tx_wakeup() tx_work scheduledBluetooth: hci0: btnxpuart_tx_work() dequeue: 01 0A 20 01 00Can't set advertise mode on hci0: Connection timed out (110)Bluetooth: hci0: command 0x200a tx timeoutWhen the power save mechanism turns on UART break, and btnxpuart_tx_work()is scheduled simultaneously, psdata->ps_state is read as PS_STATE_AWAKE,which prevents the psdata->work from being scheduled, which is responsibleto turn OFF UART break.This issue is fixed by adding a ps_lock mutex around UART break on/off aswell as around ps_state read/write.btnxpuart_tx_wakeup() will now read updated ps_state value. If ps_state isPS_STATE_SLEEP, it will first schedule psdata->work, and then it willreschedule itself once UART break has been turned off and ps_state isPS_STATE_AWAKE.Tested above script for 50,000 iterations and TX timeout error was notobserved anymore.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/fkie-cad/nvd-json-data-feeds
Update CVE list 2025-09-29 21:09 2025-09-29 21:09:30 +02:00			`### [CVE-2024-58238](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58238)`
			`![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=&color=brightgreen)`
			`![](https://img.shields.io/static/v1?label=Version&message=6.4%20&color=brightgreen)`
			`![](https://img.shields.io/static/v1?label=Version&message=689ca16e523278470c38832a3010645a78c544d8%20&color=brightgreen)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=blue)`

			`### Description`

			In the Linux kernel, the following vulnerability has been resolved:Bluetooth: btnxpuart: Resolve TX timeout error in power save stress testThis fixes the tx timeout issue seen while running a stress test onbtnxpuart for couple of hours, such that the interval between two HCIcommands coincide with the power save timeout value of 2 seconds.Test procedure using bash script:<load btnxpuart.ko>hciconfig hci0 up//Enable Power Save featurehcitool -i hci0 cmd 3f 23 02 00 00while (true)do hciconfig hci0 leadv sleep 2 hciconfig hci0 noleadv sleep 2doneError log, after adding few more debug prints:Bluetooth: btnxpuart_queue_skb(): 01 0A 20 01 00Bluetooth: hci0: Set UART break: on, status=0Bluetooth: hci0: btnxpuart_tx_wakeup() tx_work scheduledBluetooth: hci0: btnxpuart_tx_work() dequeue: 01 0A 20 01 00Can't set advertise mode on hci0: Connection timed out (110)Bluetooth: hci0: command 0x200a tx timeoutWhen the power save mechanism turns on UART break, and btnxpuart_tx_work()is scheduled simultaneously, psdata->ps_state is read as PS_STATE_AWAKE,which prevents the psdata->work from being scheduled, which is responsibleto turn OFF UART break.This issue is fixed by adding a ps_lock mutex around UART break on/off aswell as around ps_state read/write.btnxpuart_tx_wakeup() will now read updated ps_state value. If ps_state isPS_STATE_SLEEP, it will first schedule psdata->work, and then it willreschedule itself once UART break has been turned off and ps_state isPS_STATE_AWAKE.Tested above script for 50,000 iterations and TX timeout error was notobserved anymore.

			`### POC`

			`#### Reference`
			`No PoCs from references.`

			`#### Github`
			`- https://github.com/fkie-cad/nvd-json-data-feeds`