PT-2025-18827 · Linux+2 · Linux Kernel+2
Published: 2025-05-02 · Updated: 2026-04-20
CVE-2023-53063
CVSS v2.0: 4.6 (Medium)
Vector: AV:L/AC:L/Au:S/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)
Description
A use-after-free bug has been identified in the Linux kernel's Bluetooth component, specifically in the btsdio_remove function, due to unfinished work. The issue arises when btsdio_remove is called while a job is still pending, potentially leading to a race condition and a use-after-free (UAF) bug on hdev. The bug is related to the btsdio_probe and btsdio_send_frame functions, where the work variable is scheduled but not properly handled in case of removal.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Use After Free
Weakness Enumeration
Related Identifiers
Affected Products
Linux Kernel
Red Os
Suse