Use After Free Vulnerability in Linux Kernel Bluetooth Implementation
CVE-2023-53145
Summary
A use-after-free vulnerability has been identified in the Linux kernel's Bluetooth subsystem, specifically in the btsdio implementation. It stems from a race condition in the btsdio_remove function: the work item bound to btsdio_work is not canceled before cleanup begins. If btsdio_remove runs while that work is still pending, the work can later reference memory that has already been freed, potentially causing unpredictable behavior and system instability. The vulnerability has been addressed in recent kernel updates.
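The ordering problem described above, as an added example that is neither the kernel's code nor its patch: a single-threaded user-space C model that runs the remove path with and without cancelling the pending work first. All names (`dev_data`, `queue_item`, `cancel_sync`, `remove_dev`, `simulate`) are hypothetical, and a `freed` flag stands in for the real free so the stale access can be counted safely.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

/* User-space model; every name here is hypothetical, not kernel code. */
struct work { void (*fn)(struct work *); bool pending; };
struct dev_data {          /* stands in for the driver's private data */
    struct work work;      /* kept as first member, see work_fn() */
    bool freed;            /* set instead of really freeing, so it can be checked */
    int stale_hits;        /* times the handler ran on "freed" data */
};

static void work_fn(struct work *w)
{
    struct dev_data *d = (struct dev_data *)w;  /* work is the first member */
    if (d->freed)
        d->stale_hits++;   /* in a real driver this is the use after free */
}

static void queue_item(struct work *w) { w->pending = true; }
/* Models a synchronous cancel: once it returns, the work cannot run. */
static void cancel_sync(struct work *w) { w->pending = false; }
static void run_worker(struct work *w)  /* worker picks up queued work */
{
    if (w->pending) { w->pending = false; w->fn(w); }
}

static void remove_dev(struct dev_data *d, bool cancel_first)
{
    if (cancel_first)
        cancel_sync(&d->work);
    d->freed = true;       /* cleanup: the data is gone from here on */
}

/* Returns how often the handler touched freed data (-1 if calloc fails). */
int simulate(bool cancel_first)
{
    struct dev_data *d = calloc(1, sizeof(*d));
    if (!d) return -1;
    d->work.fn = work_fn;
    queue_item(&d->work);          /* work queued, not yet run */
    remove_dev(d, cancel_first);   /* removal happens before the worker */
    run_worker(&d->work);          /* worker runs after cleanup */
    int hits = d->stale_hits;
    free(d);
    return hits;
}
int main(void) { printf("without cancel: %d, with cancel: %d\n", simulate(false), simulate(true)); return 0; }
```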
Affected Version(s)
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 6c3653627397a0d6eab19b20a59423e118985a6b
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 3efcbf25e5ab4d4ad1b7e6ba0869ff85540e3f6e
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2