CVE-2023-53297

Summary

In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: L2CAP: fix "bad unlock balance" in l2cap_disconnect_rsp

conn->chan_lock isn't acquired before l2cap_get_chan_by_scid, if l2cap_get_chan_by_scid returns NULL, then 'bad unlock balance' is triggered.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxf2d38e77aa5f3effc143e7dd24da8acf02925958 < 5f352a56f0e607e6ff539cbf12156bfd8af232beaffected
LinuxLinux1351551aa9058e07a20a27a158270cf84fcde621 < 6a27762340ad08643de3bc17fe1646ea489ca2e2affected
LinuxLinuxc02421992505c95c7f3c9ad59ee35e22eac60988 < 2112c4c47d36bc5aba3ddeb9afedce6ae6a67e7daffected
LinuxLinuxd9ba36c22a7bb09d6bac4cc2f243eff05da53f43 < 55410a9144c76ecda126e6cdec556dfcd8f343b2affected
LinuxLinuxac6725a634f7e8c0330610a8527f20c730b61115 < 116b9c002c894097adc2b8684db2d1da4229ed46affected
LinuxLinux348d446762e7c70778df8bafbdf3fa0df2123f58 < fd269a0435f8e9943b7a57c5a59688848d42d449affected
LinuxLinuxa2a9339e1c9deb7e1e079e12e27a0265aea8421a < 5134556c9be582793f30695c09d18a26fe1ff2d7affected
LinuxLinuxa2a9339e1c9deb7e1e079e12e27a0265aea8421a < 25e97f7b1866e6b8503be349eeea44bb52d661ceaffected
LinuxLinuxd82a439c3cfdb28aa7e82e2e849c5c4dd9fca284affected
LinuxLinux4.14.313 < 4.14.316affected
LinuxLinux4.19.281 < 4.19.284affected
LinuxLinux5.4.241 < 5.4.244affected
LinuxLinux5.10.178 < 5.10.181affected
LinuxLinux5.15.108 < 5.15.113affected
LinuxLinux6.1.25 < 6.1.30affected
LinuxLinux6.2.12 < 6.3affected
LinuxLinux6.3affected
LinuxLinux0 < 6.3unaffected
LinuxLinux4.14.316 <= 4.14.*unaffected
LinuxLinux4.19.284 <= 4.19.*unaffected
LinuxLinux5.4.244 <= 5.4.*unaffected
LinuxLinux5.10.181 <= 5.10.*unaffected
LinuxLinux5.15.113 <= 5.15.*unaffected
LinuxLinux6.1.30 <= 6.1.*unaffected
LinuxLinux6.3.4 <= 6.3.*unaffected
LinuxLinux6.4 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References