Use-After-Free Vulnerability in Linux Kernel Bluetooth
CVE-2023-53762

Currently unrated

Key Information:

Vendor: Linux

Status
Vendor
CVE Published: 8 December 2025

What is CVE-2023-53762?

A vulnerability has been identified in the Linux kernel's Bluetooth subsystem. The issue arises in the 'hci_disconnect_all_sync' function, where a use-after-free condition may occur if a connection is deleted while a controller event is being processed concurrently. To mitigate this vulnerability, the code has been updated to iterate backwards through the connection list, ensuring that links are cleaned up before their parent references are removed. This prevents potential crashes and maintains Bluetooth connection stability.

Affected Version(s)

Linux 182ee45da083db4e3e621541ccf255bfa9652214

Linux 182ee45da083db4e3e621541ccf255bfa9652214 < 94d9ba9f9888b748d4abd2aa1547af56ae85f772

Timeline

  • Vulnerability published

  • Vulnerability Reserved
