exploitDog

CVE-2023-53145

Опубликовано: 10 мая 2025

Источник: nvd

CVSS3: 7.8

EPSS Низкий

Описание

In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: btsdio: fix use after free bug in btsdio_remove due to race condition

In btsdio_probe, the data->work is bound with btsdio_work. It will be started in btsdio_send_frame.

If the btsdio_remove runs with a unfinished work, there may be a race condition that hdev is freed but used in btsdio_work. Fix it by canceling the work before do cleanup in btsdio_remove.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия до 4.14.326 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 4.15 (включая) до 4.19.295 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 4.20 (включая) до 5.4.257 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 5.5 (включая) до 5.10.195 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 5.11 (включая) до 5.15.131 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 5.16 (включая) до 6.1.52 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 6.2 (включая) до 6.3 (исключая)

cpe:2.3:o:linux:linux_kernel:6.3:rc1:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:6.3:rc2:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:6.3:rc3:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:6.3:rc4:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:6.3:rc5:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:6.3:rc6:*:*:*:*:*:*

EPSS

Процентиль: 3%

0.00017

Низкий

7.8 High

CVSS3

Дефекты

CWE-416

Связанные уязвимости

CVE-2023-53145

CVSS3: 7.8

ubuntu

9 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btsdio: fix use after free bug in btsdio_remove due to race condition In btsdio_probe, the data->work is bound with btsdio_work. It will be started in btsdio_send_frame. If the btsdio_remove runs with a unfinished work, there may be a race condition that hdev is freed but used in btsdio_work. Fix it by canceling the work before do cleanup in btsdio_remove.

CVE-2023-53145

CVSS3: 5.5

redhat

9 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btsdio: fix use after free bug in btsdio_remove due to race condition In btsdio_probe, the data->work is bound with btsdio_work. It will be started in btsdio_send_frame. If the btsdio_remove runs with a unfinished work, there may be a race condition that hdev is freed but used in btsdio_work. Fix it by canceling the work before do cleanup in btsdio_remove.

CVE-2023-53145

CVSS3: 7.8

debian

9 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: B ...

GHSA-x63c-5qg7-5jgc

CVSS3: 7.8

github

9 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btsdio: fix use after free bug in btsdio_remove due to race condition In btsdio_probe, the data->work is bound with btsdio_work. It will be started in btsdio_send_frame. If the btsdio_remove runs with a unfinished work, there may be a race condition that hdev is freed but used in btsdio_work. Fix it by canceling the work before do cleanup in btsdio_remove.

SUSE-SU-2025:02334-1

suse-cvrf

7 месяцев назад

Security update for the Linux Kernel

EPSS

Процентиль: 3%

0.00017

Низкий

7.8 High

CVSS3

Дефекты

CWE-416