CVE-2023-53017

Summary

In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: hci_sync: fix memory leak in hci_update_adv_data()

When hci_cmd_sync_queue() failed in hci_update_adv_data(), inst_ptr is not freed, which will cause memory leak, convert to use ERR_PTR/PTR_ERR to pass the instance to callback so no memory needs to be allocated.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux651cd3d65b0f76a2198fcf3a80ce5d53dd267717 < 8ac6043bd3e5b58d30f50737aedc2e58e8087ad5affected
LinuxLinux651cd3d65b0f76a2198fcf3a80ce5d53dd267717 < 1ed8b37cbaf14574c779064ef1372af62e8ba6aaaffected
LinuxLinux6.1affected
LinuxLinux0 < 6.1unaffected
LinuxLinux6.1.9 <= 6.1.*unaffected
LinuxLinux6.2 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References