Use After Free Vulnerability in Linux Kernel Bluetooth Implementation
CVE-2023-53145
What is CVE-2023-53145?
A use-after-free vulnerability has been identified in the Linux kernel's Bluetooth subsystem, specifically in the btsdio implementation. It stems from a race condition in the btsdio_remove function: the work item bound to btsdio_work is not canceled before cleanup begins. If btsdio_remove runs while that work is still pending, the work can later reference memory that has already been freed, potentially causing unpredictable behavior and system instability. The vulnerability has been addressed in recent kernel updates.
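The teardown ordering described above can be shown with a small user-space model, added here as an illustration and not taken from the kernel source or the actual patch. All names (`struct dev`, `rx_work`, `remove_racy`, `remove_fixed`, the one-slot queue) are hypothetical, and `cancel_work_sync_model` stands in for the kernel's `cancel_work_sync()`, assumed here as the way the pending work is canceled.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

struct work { void (*fn)(struct work *w); };
struct dev  { struct work work; int rx_count; };  /* hypothetical per-device data */

/* One-slot stand-in for a workqueue plus a liveness flag, so the model can
 * report a stale work item instead of really touching freed memory. */
static struct work *queued;
static bool pending, owner_freed;

static void rx_work(struct work *w)
{
    struct dev *d = (struct dev *)((char *)w - offsetof(struct dev, work));
    d->rx_count++;                      /* the handler uses the device data */
}

static void queue_work_model(struct work *w) { queued = w; pending = true; owner_freed = false; }
/* Models cancel_work_sync(): on return the work is no longer pending. */
static void cancel_work_sync_model(struct work *w) { if (pending && queued == w) pending = false; }

/* Worker thread's turn: returns 1 if it would have used freed memory. */
static int run_workqueue(void)
{
    if (!pending) return 0;
    pending = false;
    if (owner_freed) return 1;          /* stale pointer: report, do not dereference */
    queued->fn(queued);
    return 0;
}

static void remove_racy(struct dev *d)  { free(d); owner_freed = true; }
static void remove_fixed(struct dev *d) { cancel_work_sync_model(&d->work); free(d); owner_freed = true; }

/* Work is queued, remove() runs first, then the worker gets scheduled. */
static int scenario(void (*remove_fn)(struct dev *))
{
    struct dev *d = calloc(1, sizeof(*d));
    if (!d) return -1;
    d->work.fn = rx_work;
    queue_work_model(&d->work);
    remove_fn(d);
    return run_workqueue();
}

int main(void)
{
    printf("without cancel: %d, with cancel: %d\n", scenario(remove_racy), scenario(remove_fixed));
    return 0;
}
```

A result of 1 means the worker was handed a pointer into already-freed device data; canceling the work before the free makes the same interleaving return 0.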
Affected Version(s)
Linux ddbaf13e3609442b64abb931ac21527772d87980 < 6c3653627397a0d6eab19b20a59423e118985a6b
Linux ddbaf13e3609442b64abb931ac21527772d87980 < 3efcbf25e5ab4d4ad1b7e6ba0869ff85540e3f6e
Linux ddbaf13e3609442b64abb931ac21527772d87980