DEBIAN-CVE-2023-54038

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/CVE-2023-54038

Import Source

https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2023-54038.json

JSON Data

https://api.osv.dev/v1/vulns/DEBIAN-CVE-2023-54038

Upstream

CVE-2023-54038

Published

2025-12-24T11:15:56.793Z

Modified

2025-12-25T11:11:20.717069Z

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hciconn: return ERRPTR instead of NULL when there is no link hciconnectsco currently returns NULL when there is no link (i.e. when hciconnlink() returns NULL). scoconnect() expects an ERRPTR in case of any error (see line 266 in sco.c). Thus, hcon set as NULL passes through to scoconnadd(), which tries to get hcon->hdev, resulting in dereferencing a NULL pointer as reported by syzkaller. The same issue exists for isoconnectcis() calling hciconnectcis(). Thus, make hciconnectsco() and hciconnectcis() return ERR_PTR instead of NULL.

References

https://security-tracker.debian.org/tracker/CVE-2023-54038

Affected packages

Debian:13 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.4.11-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2023-54038.json"

Debian:14 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.4.11-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2023-54038.json"