CVE-2023-53145

Summary

In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: btsdio: fix use after free bug in btsdio_remove due to race condition

In btsdio_probe, the data->work is bound with btsdio_work. It will be started in btsdio_send_frame.

If the btsdio_remove runs with a unfinished work, there may be a race condition that hdev is freed but used in btsdio_work. Fix it by canceling the work before do cleanup in btsdio_remove.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxddbaf13e3609442b64abb931ac21527772d87980 < 6c3653627397a0d6eab19b20a59423e118985a6baffected
LinuxLinuxddbaf13e3609442b64abb931ac21527772d87980 < 3efcbf25e5ab4d4ad1b7e6ba0869ff85540e3f6eaffected
LinuxLinuxddbaf13e3609442b64abb931ac21527772d87980 < a6650d27ab2c12a8ee750f396edb5ac8b4558b2eaffected
LinuxLinuxddbaf13e3609442b64abb931ac21527772d87980 < 746b363bef41cc159c051c47f9e30800bc6b520daffected
LinuxLinuxddbaf13e3609442b64abb931ac21527772d87980 < a5c2a467e9e789ae0891de55b766daac52e3b7b3affected
LinuxLinuxddbaf13e3609442b64abb931ac21527772d87980 < 179c65828593aff1f444e15debd40a477cb23cf4affected
LinuxLinuxddbaf13e3609442b64abb931ac21527772d87980 < 73f7b171b7c09139eb3c6a5677c200dc1be5f318affected
LinuxLinux2.6.24affected
LinuxLinux0 < 2.6.24unaffected
LinuxLinux4.14.326 <= 4.14.*unaffected
LinuxLinux4.19.295 <= 4.19.*unaffected
LinuxLinux5.4.257 <= 5.4.*unaffected
LinuxLinux5.10.195 <= 5.10.*unaffected
LinuxLinux5.15.131 <= 5.15.*unaffected
LinuxLinux6.1.52 <= 6.1.*unaffected
LinuxLinux6.3 <= *unaffected

Weaknesses

References