CVE-2023-54210
Use-After-Free in Linux Kernel Bluetooth hci_remove_adv_monitor
Publication date: 2025-12-30
Last updated on: 2025-12-30
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a use-after-free issue in the Linux kernel's Bluetooth subsystem, specifically in the function hci_remove_adv_monitor(). The problem occurs because the monitor structure can be freed prematurely by msft_remove_monitor(), leading to invalid memory access when bt_dev_dbg() tries to use it. The fix involves preserving the relevant data while it is still valid to avoid accessing freed memory.
How can this vulnerability impact me? :
This use-after-free vulnerability could lead to system instability or crashes in the Linux kernel's Bluetooth functionality. It may also be exploitable to cause unexpected behavior or potentially escalate privileges, depending on how the freed memory is accessed or manipulated.