L2CAP Vulnerability in Linux Kernel Bluetooth Stack
CVE-2023-53297

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 16 September 2025

What is CVE-2023-53297?

A vulnerability has been identified in the Linux kernel's Bluetooth subsystem concerning the L2CAP protocol. The issue arises due to an improper locking mechanism linked to the conn->chan_lock. Specifically, if the function l2cap_get_chan_by_scid returns NULL, it leads to a 'bad unlock balance' scenario. This abnormality could have implications for system stability and security, necessitating the application of relevant patches and updates to mitigate potential risks.

Affected Version(s)

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 5f352a56f0e607e6ff539cbf12156bfd8af232be

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 6a27762340ad08643de3bc17fe1646ea489ca2e2

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 2112c4c47d36bc5aba3ddeb9afedce6ae6a67e7d

References

https://git.kernel.org/stable/c/5f352a56f0e607e6ff539cbf1...

https://git.kernel.org/stable/c/6a27762340ad08643de3bc17f...

https://git.kernel.org/stable/c/2112c4c47d36bc5aba3ddeb9a...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 16, 2025
Vulnerability Reserved
Sep 16, 2025