CVE-2023-54210
- Source
- https://cve.org/CVERecord?id=CVE-2023-54210
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-54210.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2023-54210
- Downstream
- Published
- 2025-12-30T12:11:08.682Z
- Modified
- 2025-12-30T20:11:04.542771Z
- Summary
- Bluetooth: hci_sync: Avoid use-after-free in dbg for hci_remove_adv_monitor()
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: hcisync: Avoid use-after-free in dbg for hciremoveadvmonitor()
KASAN reports that there's a use-after-free in hciremoveadvmonitor(). Trawling through the disassembly, you can see that the complaint is from the access in btdevdbg() under the HCIADVMONITOREXTMSFT case. The problem case happens because msftremovemonitor() can end up freeing the monitor structure. Specifically: hciremoveadvmonitor() -> msftremovemonitor() -> msftremovemonitorsync() -> msftlecancelmonitoradvertisementcb() -> hcifreeadv_monitor()
Let's fix the problem by just stashing the relevant data when it's still valid.
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/54xxx/CVE-2023-54210.json" }- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/0d4d6b083da9b033ddccef72d77f373c819ae3ea
- https://git.kernel.org/stable/c/bf00c2c8f6254f44ac041aa9a311ae9e0caf692b
- https://git.kernel.org/stable/c/de6dfcefd107667ce2dbedf4d9337f5ed557a4a1
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/54xxx/CVE-2023-54210.json
- https://nvd.nist.gov/vuln/detail/CVE-2023-54210
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced7cf5c2978f23fdbb2dd7b4e8b07e362ae2d8211cFixed0d4d6b083da9b033ddccef72d77f373c819ae3eaFixedbf00c2c8f6254f44ac041aa9a311ae9e0caf692bFixedde6dfcefd107667ce2dbedf4d9337f5ed557a4a1
Affected versions
v5.*
v5.19
v5.19-rc8
v6.*
v6.0
v6.0-rc1
v6.0-rc2
v6.0-rc3
v6.0-rc4
v6.0-rc5
v6.0-rc6
v6.0-rc7
v6.1
v6.1-rc1
v6.1-rc2
v6.1-rc3
v6.1-rc4
v6.1-rc5
v6.1-rc6
v6.1-rc7
v6.1-rc8
v6.1.1
v6.1.10
v6.1.11
v6.1.12
v6.1.13
v6.1.14
v6.1.15
v6.1.16
v6.1.17
v6.1.18
v6.1.19
v6.1.2
v6.1.20
v6.1.21
v6.1.22
v6.1.23
v6.1.24
v6.1.25
v6.1.26
v6.1.27
v6.1.28
v6.1.29
v6.1.3
v6.1.30
v6.1.31
v6.1.32
v6.1.33
v6.1.34
v6.1.35
v6.1.36
v6.1.37
v6.1.38
v6.1.39
v6.1.4
v6.1.40
v6.1.41
v6.1.5
v6.1.6
v6.1.7
v6.1.8
v6.1.9
v6.2
v6.2-rc1
v6.2-rc2
v6.2-rc3
v6.2-rc4
v6.2-rc5
v6.2-rc6
v6.2-rc7
v6.2-rc8
v6.3
v6.3-rc1
v6.3-rc2
v6.3-rc3
v6.3-rc4
v6.3-rc5
v6.3-rc6
v6.3-rc7
v6.4
v6.4-rc1
v6.4-rc2
v6.4-rc3
v6.4-rc4
v6.4-rc5
v6.4-rc6
v6.4-rc7
v6.4.1
v6.4.2
v6.4.3
v6.4.4
v6.4.5
v6.4.6
v6.5-rc1