-
CVE-2023-54210
- EPSS 0.03%
- Veröffentlicht 30.12.2025 12:11:08
- Zuletzt bearbeitet 15.04.2026 00:35:42
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- CVE-Watchlists
- Unerledigt
Bluetooth: hci_sync: Avoid use-after-free in dbg for hci_remove_adv_monitor()
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_sync: Avoid use-after-free in dbg for hci_remove_adv_monitor() KASAN reports that there's a use-after-free in hci_remove_adv_monitor(). Trawling through the disassembly, you can see that the complaint is from the access in bt_dev_dbg() under the HCI_ADV_MONITOR_EXT_MSFT case. The problem case happens because msft_remove_monitor() can end up freeing the monitor structure. Specifically: hci_remove_adv_monitor() -> msft_remove_monitor() -> msft_remove_monitor_sync() -> msft_le_cancel_monitor_advertisement_cb() -> hci_free_adv_monitor() Let's fix the problem by just stashing the relevant data when it's still valid.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerLinux
≫
Produkt
Linux
Default Statusunaffected
Version
7cf5c2978f23fdbb2dd7b4e8b07e362ae2d8211c
Version <
0d4d6b083da9b033ddccef72d77f373c819ae3ea
Status
affected
Version
7cf5c2978f23fdbb2dd7b4e8b07e362ae2d8211c
Version <
bf00c2c8f6254f44ac041aa9a311ae9e0caf692b
Status
affected
Version
7cf5c2978f23fdbb2dd7b4e8b07e362ae2d8211c
Version <
de6dfcefd107667ce2dbedf4d9337f5ed557a4a1
Status
affected
HerstellerLinux
≫
Produkt
Linux
Default Statusaffected
Version
6.0
Status
affected
Version
0
Version <
6.0
Status
unaffected
Version <=
6.1.*
Version
6.1.42
Status
unaffected
Version <=
6.4.*
Version
6.4.7
Status
unaffected
Version <=
*
Version
6.5
Status
unaffected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.03% | 0.092 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|