Linux · Linux Kernel · CVE-2024-26801
Name of the Vulnerable Software and Affected Versions:
Linux kernel (affected versions not specified)
Description:
The issue is related to a potential use-after-free in the `hci_error_reset()` function when handling the `HCI_EV_HARDWARE_ERROR` event. If the underlying BT controller is not responding, the GPIO reset mechanism would free the `hci_dev` and lead to a use-after-free in `hci_error_reset()`. This could allow an attacker to impact the confidentiality, integrity, and availability of protected information. The vulnerability is associated with the `net/bluetooth/hci_core.c` module in the Linux kernel.
Recommendations:
At the moment, there is no information about a newer version that contains a fix for this vulnerability.