CVE-2023-54038
Unknown Unknown - Not Provided

Null Pointer Dereference in Linux Bluetooth HCI Connection Handling

Vulnerability report for CVE-2023-54038, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2025-12-24

Last updated on: 2025-12-24

Assigner: kernel.org

Description

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_conn: return ERR_PTR instead of NULL when there is no link hci_connect_sco currently returns NULL when there is no link (i.e. when hci_conn_link() returns NULL). sco_connect() expects an ERR_PTR in case of any error (see line 266 in sco.c). Thus, hcon set as NULL passes through to sco_conn_add(), which tries to get hcon->hdev, resulting in dereferencing a NULL pointer as reported by syzkaller. The same issue exists for iso_connect_cis() calling hci_connect_cis(). Thus, make hci_connect_sco() and hci_connect_cis() return ERR_PTR instead of NULL.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2025-12-24
Last Modified
2025-12-24
Generated
2026-07-06
AI Q&A
2025-12-24
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is in the Linux kernel's Bluetooth subsystem. Specifically, functions hci_connect_sco() and hci_connect_cis() return NULL when there is no link, but the calling functions expect an ERR_PTR error pointer instead. This mismatch causes a NULL pointer to be dereferenced, leading to potential crashes or undefined behavior.

Impact Analysis

The vulnerability can cause the Linux kernel Bluetooth subsystem to dereference a NULL pointer, which may lead to kernel crashes or instability. This can affect system reliability and potentially cause denial of service.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2023-54038. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart