CVE-2023-53374
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-09-18
Last updated on: 2025-12-12
Assigner: kernel.org
Description
Description
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: hci_conn: fail SCO/ISO via hci_conn_failed if ACL gone early
Not calling hci_(dis)connect_cfm before deleting conn referred to by a
socket generally results to use-after-free.
When cleaning up SCO connections when the parent ACL is deleted too
early, use hci_conn_failed to do the connection cleanup properly.
We also need to clean up ISO connections in a similar situation when
connecting has started but LE Create CIS is not yet sent, so do it too
here.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | From 6.3.8 (inc) to 6.4 (exc) |
| linux | linux_kernel | From 6.4.1 (inc) to 6.4.16 (exc) |
| linux | linux_kernel | From 6.5 (inc) to 6.5.3 (exc) |
| linux | linux_kernel | 6.4 |
| linux | linux_kernel | 6.4 |
| linux | linux_kernel | 6.4 |
| linux | linux_kernel | 6.4 |
| linux | linux_kernel | 6.4 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-416 | The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer. |
