CVE-2023-54197
Use-After-Free Vulnerability in Linux Bluetooth BTSdio Component
Publication date: 2025-12-30
Last updated on: 2025-12-30
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability relates to the Linux kernel's Bluetooth subsystem, specifically the btsdio driver. It involves a use-after-free bug in the btsdio_remove function caused by unfinished work and race conditions. A previous patch that attempted to fix this introduced a possible null pointer dereference problem, so it was reverted. The underlying use-after-free bug was later resolved by a different commit addressing the race condition.
How can this vulnerability impact me? :
The use-after-free bug in the Bluetooth driver could potentially lead to system instability or crashes when Bluetooth devices are removed, and might be exploitable to cause unintended behavior or security issues in the kernel. However, specific impacts or exploit scenarios are not detailed in the provided information.