CVE-2023-53017
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: hci_sync: fix memory leak in hci_update_adv_data()
When hci_cmd_sync_queue() failed in hci_update_adv_data(), inst_ptr is not freed, which will cause memory leak, convert to use ERR_PTR/PTR_ERR to pass the instance to callback so no memory needs to be allocated.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 651cd3d65b0f76a2198fcf3a80ce5d53dd267717 < 8ac6043bd3e5b58d30f50737aedc2e58e8087ad5 | affected |
| Linux | Linux | 651cd3d65b0f76a2198fcf3a80ce5d53dd267717 < 1ed8b37cbaf14574c779064ef1372af62e8ba6aa | affected |
| Linux | Linux | 6.1 | affected |
| Linux | Linux | 0 < 6.1 | unaffected |
| Linux | Linux | 6.1.9 <= 6.1.* | unaffected |
| Linux | Linux | 6.2 <= * | unaffected |
Weaknesses
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://git.kernel.org/stable/c/8ac6043bd3e5b58d30f50737aedc2e58e8087ad5
- https://git.kernel.org/stable/c/1ed8b37cbaf14574c779064ef1372af62e8ba6aa
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.