PT-2025-18821 · Linux+4 · Linux Kernel+4
Published: 2023-03-20 · Updated: 2026-01-28
CVE-2023-53057
CVSS v3.1: 7.1 (High)
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 6.2.0
Description
A global-out-of-bounds issue has been identified in the Linux kernel's Bluetooth HCI component. The hci_init_stage_sync function fails to properly validate the stage array, leading to potential out-of-bounds access. This issue is related to the amp_init1 and amp_init2 arrays, which lack an intentionally invalid element to prevent excessive access. The problem is resolved by adding an invalid element to the end of these arrays. The issue affects the /v6.2-bzimage/net/bluetooth/hci_sync.c file, specifically the hci_dev_open_sync function.
Recommendations
To resolve this issue, update the Linux kernel to a version that includes the fix for this problem.
As a temporary workaround, consider restricting access to the Bluetooth HCI component until a patch is available.
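The missing-terminator pattern from the description, as an added example that is not the kernel's code: a simplified model of a stage table walked with an explicit length bound, so an unterminated table is reported instead of read past its end. The names `struct stage`, `run_stages`, `step` and both tables are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified model of a stage table: an array of function pointers that the
 * walker expects to end with an intentionally invalid (NULL func) element. */
struct stage { int (*func)(void); };

static int calls;                       /* counts executed stages */
static int step(void) { calls++; return 0; }

/* Shape described for the affected arrays before the fix: no terminator. */
static const struct stage unterminated[] = { { step }, { step } };
/* Shape after the fix: an invalid element closes the table. */
static const struct stage terminated[] = { { step }, { step }, { NULL } };

#define COUNT(a) (sizeof(a) / sizeof((a)[0]))

/* Bounded walk: runs stages until the terminator and never reads more than
 * n elements. Returns 0 when the terminator is found, -1 when the table has
 * no terminator within bounds (the case where a sentinel-only loop would
 * continue into adjacent global memory), or the first non-zero stage error. */
static int run_stages(const struct stage *t, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        if (!t[i].func)
            return 0;
        int err = t[i].func();
        if (err)
            return err;
    }
    return -1;
}

int main(void)
{
    printf("unterminated: %d\n", run_stages(unterminated, COUNT(unterminated)));
    printf("terminated:   %d\n", run_stages(terminated, COUNT(terminated)));
    return 0;
}
```
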
Exploit
Fix
DoS
Out of bounds Read
Weakness Enumeration
Related Identifiers
Affected Products
Astra Linux
Linux Kernel
Red Hat
Red Os
Suse