PT-2025-41117 · Linux+4 · Linux Kernel+4

Published

2023-07-20

·

Updated

2026-04-20

·

CVE-2023-53673

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description The Linux kernel contains a flaw in the Bluetooth implementation where the disconnect callback is called after the connection has been deleted. Specifically, in the hci cs disconnect function, hci conn del is called even if disconnection fails. This can lead to a use-after-free condition in ISO and L2CAP connections, as they may reference the deleted hci conn without proper cleanup. This can result in kernel crashes, as demonstrated by reports of NULL pointer dereferences and slab-use-after-free errors during ISO and L2CAP operations. The issue occurs during Bluetooth disconnection handling.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

NULL Pointer Dereference

Use After Free

Weakness Enumeration

CWE-476CWE-416

Related Identifiers

ALSA-2025_16880
ALSA-2026:1142
ALSA-2026:1148
AZL-76422
BDU:2026-04382
CVE-2023-53673
RHSA-2024:2394
RHSA-2026:1142
RHSA-2026:1148
RHSA-2026:2490
RHSA-2026:2535
RHSA-2026:2560
RHSA-2026:2573
RHSA-2026:2577
RHSA-2026:2583
RHSA-2026:3360
SUSE-SU-2025:21040-1
SUSE-SU-2025:21052-1
SUSE-SU-2025:21056-1
SUSE-SU-2025:21064-1
SUSE-SU-2025:4057-1
SUSE-SU-2025:4111-1
SUSE-SU-2025:4128-1
SUSE-SU-2025:4132-1
SUSE-SU-2025:4135-1
SUSE-SU-2025:4139-1
SUSE-SU-2025:4140-1
SUSE-SU-2025:4141-1
SUSE-SU-2025:4149-1
SUSE-SU-2025:4171-1
SUSE-SU-2025:4172-1
SUSE-SU-2025:4188-1
SUSE-SU-2025:4199-1
SUSE-SU-2025:4203-1
SUSE-SU-2025:4213-1
SUSE-SU-2025:4215-1
SUSE-SU-2025:4227-1
SUSE-SU-2025:4230-1
SUSE-SU-2025:4233-1
SUSE-SU-2025:4237-1
SUSE-SU-2025:4239-1
SUSE-SU-2025:4242-1
SUSE-SU-2025:4281-1
SUSE-SU-2025:4285-1
SUSE-SU-2025:4301-1
SUSE-SU-2025:4320-1

Affected Products

Debian
Linux Kernel
Red Hat
Rocky Linux
Suse