Bluetooth Stack Issue in Linux Kernel Affecting Connectivity and Performance
CVE-2023-53673

Currently unrated

Key Information:

Vendor: Linux

CVE Published: 7 October 2025

What is CVE-2023-53673?

A vulnerability has been identified in the Bluetooth stack of the Linux kernel: the disconnect callback may not be invoked before a connection is deleted. The issue arises from flawed handling of connection references during disconnection, which can leave ISO, L2CAP, and SCO connections referencing a connection that has already been deleted. If this cleanup does not occur correctly, the result can be a use-after-free condition, potentially compromising system stability and causing unexpected crashes. It is essential for users to update to the latest version of the Linux kernel, where this vulnerability has been addressed.
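A minimal user-space C model of the ordering problem described above, added here as an illustration; it is not kernel code or the actual patch, and every name in it (`conn`, `channel`, `teardown_flawed`, `teardown_fixed`) is hypothetical. A static pool slot with an `in_use` flag stands in for freed memory, so the stale reference can be detected without touching memory that has really been freed.

```c
#include <stdio.h>
#include <stddef.h>

/* Simplified model; all names are hypothetical, not kernel identifiers. */
struct conn { int in_use; int handle; };
struct channel { struct conn *conn; };  /* upper layer (think ISO/L2CAP/SCO) */

static struct conn pool[1];             /* static pool stands in for the allocator */

static struct conn *conn_add(int handle) {
    pool[0] = (struct conn){ .in_use = 1, .handle = handle };
    return &pool[0];
}

/* Disconnect callback: the upper layer drops its pointer to the connection. */
static void channel_disconnect_cb(struct channel *ch) { ch->conn = NULL; }
/* Deleting a connection returns its slot to the pool ("freed"). */
static void conn_del(struct conn *c) { c->in_use = 0; }

/* Flawed ordering: connection deleted, upper layer never notified. */
static void teardown_flawed(struct conn *c, struct channel *ch) {
    (void)ch;
    conn_del(c);
}

/* Corrected ordering: callback runs first, then the connection is deleted. */
static void teardown_fixed(struct conn *c, struct channel *ch) {
    channel_disconnect_cb(ch);
    conn_del(c);
}

/* Returns 1 if the channel still points at a deleted connection. */
static int channel_is_stale(const struct channel *ch) {
    return ch->conn != NULL && !ch->conn->in_use;
}

/* Runs one teardown variant and reports whether a stale reference remains. */
static int run_case(int fixed) {
    struct channel ch = { conn_add(0x0040) };  /* constructed sample handle */
    if (fixed) teardown_fixed(ch.conn, &ch);
    else       teardown_flawed(ch.conn, &ch);
    return channel_is_stale(&ch);
}

int main(void) {
    printf("flawed ordering leaves stale reference: %d\n", run_case(0));
    printf("fixed ordering leaves stale reference:  %d\n", run_case(1));
    return 0;
}
```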

Affected Version(s)

Linux b8d290525e3972b5e876b2649a42bf4081d753fe < 59bd1e476bbc7bc6dff3c61bba787095a4839796

Linux b8d290525e3972b5e876b2649a42bf4081d753fe < 093a07052406b363b1b2ab489e17dbadaf3e509b

Linux b8d290525e3972b5e876b2649a42bf4081d753fe < 7f7cfcb6f0825652973b780f248603e23f16ee90
