CVE-2023-53297
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-16

Last updated on: 2025-12-02

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: fix "bad unlock balance" in l2cap_disconnect_rsp conn->chan_lock isn't acquired before l2cap_get_chan_by_scid, if l2cap_get_chan_by_scid returns NULL, then 'bad unlock balance' is triggered.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-16
Last Modified
2025-12-02
Generated
2026-06-16
AI Q&A
2025-09-16
EPSS Evaluated
2026-06-14
NVD
CVE-2023-53297
Affected Vendors & Products
Showing 7 associated CPEs
Vendor Product Version / Range
linux linux_kernel to 4.14.316 (exc)
linux linux_kernel From 4.15 (inc) to 4.19.284 (exc)
linux linux_kernel From 4.20 (inc) to 5.4.244 (exc)
linux linux_kernel From 5.5 (inc) to 5.10.181 (exc)
linux linux_kernel From 5.11 (inc) to 5.15.113 (exc)
linux linux_kernel From 5.16 (inc) to 6.1.30 (exc)
linux linux_kernel From 6.2 (inc) to 6.3.4 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-NVD-CWE-noinfo
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability in the Linux kernel's Bluetooth L2CAP component involves a 'bad unlock balance' error. Specifically, the conn->chan_lock is not acquired before calling l2cap_get_chan_by_scid. If l2cap_get_chan_by_scid returns NULL, it triggers an improper unlocking sequence, which is referred to as a 'bad unlock balance'.

Impact Analysis

The vulnerability could lead to instability or unexpected behavior in the Bluetooth subsystem of the Linux kernel due to improper lock handling. This might cause crashes or denial of service conditions, potentially affecting system reliability.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2023-53297. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart