CVE-2023-53374 | THREATINT

Description

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_conn: fail SCO/ISO via hci_conn_failed if ACL gone early Not calling hci_(dis)connect_cfm before deleting conn referred to by a socket generally results to use-after-free. When cleaning up SCO connections when the parent ACL is deleted too early, use hci_conn_failed to do the connection cleanup properly. We also need to clean up ISO connections in a similar situation when connecting has started but LE Create CIS is not yet sent, so do it too here.

PUBLISHED Reserved 2025-09-17 | Published 2025-09-18 | Updated 2025-09-18 | Assigner Linux

Product status

Default status

unaffected

ca1fd42e7dbfcb34890ffbf1f2f4b356776dab6f (git) before 397d58007532644b35fad746da48c41161f32a57

affected

ca1fd42e7dbfcb34890ffbf1f2f4b356776dab6f (git) before e94b898463a62b72a2a8b75dea8936bf4db78e00

affected

ca1fd42e7dbfcb34890ffbf1f2f4b356776dab6f (git) before 3344d318337d9dca928fd448e966557ec5063f85

affected

75e35bd4b7935ceed2aacd82f55940e73bf0b63b (git)

affected

Default status

affected

6.4

affected

Any version before 6.4

unaffected

6.4.16 (semver)

unaffected

6.5.3 (semver)

unaffected

6.6 (original_commit_for_fix)

unaffected

References

git.kernel.org/...c/397d58007532644b35fad746da48c41161f32a57

git.kernel.org/...c/e94b898463a62b72a2a8b75dea8936bf4db78e00

git.kernel.org/...c/3344d318337d9dca928fd448e966557ec5063f85

cve.org (CVE-2023-53374)

nvd.nist.gov (CVE-2023-53374)

Download JSON

help @ threatint.eu