7.8
CVE-2023-53386
- EPSS 0.14%
- Veröffentlicht 18.09.2025 13:33:29
- Zuletzt bearbeitet 14.01.2026 19:16:36
- CVE-Watchlists
- Unerledigt
Bluetooth: Fix potential use-after-free when clear keys
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: Fix potential use-after-free when clear keys
Similar to commit c5d2b6fa26b5 ("Bluetooth: Fix use-after-free in
hci_remove_ltk/hci_remove_irk"). We can not access k after kfree_rcu()
call.Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 5.7 < 5.10.195
Linux ≫ Linux Kernel Version >= 5.11 < 5.15.132
Linux ≫ Linux Kernel Version >= 5.16 < 6.1.53
Linux ≫ Linux Kernel Version >= 6.2 < 6.4.16
Linux ≫ Linux Kernel Version >= 6.5 < 6.5.3
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.14% | 0.036 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-416 Use After Free
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
https://git.kernel.org/stable/c/e87da6a0ac6e631454e7da53a76aa9fe44aaa5dd
https://git.kernel.org/stable/c/942d8cefb022f384d5424f8b90c7878f3f93726f
https://git.kernel.org/stable/c/94617b736c25091b60e514e2e7aeafcbbee6b700
https://git.kernel.org/stable/c/da19f35868dfbecfff4f81166c054d2656cb1be4
https://git.kernel.org/stable/c/35cc42f04bc49f0656f6840cb7451b3df6049649
https://git.kernel.org/stable/c/3673952cf0c6cf81b06c66a0b788abeeb02ff3ae