CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-53252

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: use RCU for hci_conn_params and iterate safely in hci_sync hci_update_accept_list_sync iterates over hdev->pend_le_conns and hdev->pend_le_reports, and waits for controller events in the loop body, without holding hdev lock. Meanwhile, these lists and the items may be modified e.g. by le_scan_cleanup. This can invalidate the list cursor or any other item in the list, resulting to invalid behavior (eg use-after-free). Use RCU for the hci_conn_params action lists. Since the loop bodies in hci_sync block and we cannot use RCU or hdev->lock for the whole loop, copy list items first and then iterate on the copy. Only the flags field is written from elsewhere, so READ_ONCE/WRITE_ONCE should guarantee we read valid values. Free params everywhere with hci_conn_params_free so the cleanup is guaranteed to be done properly. This fixes the following, which can be triggered e.g. by BlueZ new mgmt-tester case "Add + Remove Device Nowait - Success", or by changing hci_le_set_cig_params to always return false, and running iso-tester: ================================================================== BUG: KASAN: slab-use-after-free in hci_update_passive_scan_sync (net/bluetooth/hci_sync.c:2536 net/bluetooth/hci_sync.c:2723 net/bluetooth/hci_sync.c:2841) Read of size 8 at addr ffff888001265018 by task kworker/u3:0/32 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-1.fc38 04/01/2014 Workqueue: hci0 hci_cmd_sync_work Call Trace: <TASK> dump_stack_lvl (./arch/x86/include/asm/irqflags.h:134 lib/dump_stack.c:107) print_report (mm/kasan/report.c:320 mm/kasan/report.c:430) ? __virt_addr_valid (./include/linux/mmzone.h:1915 ./include/linux/mmzone.h:2011 arch/x86/mm/physaddr.c:65) ? hci_update_passive_scan_sync (net/bluetooth/hci_sync.c:2536 net/bluetooth/hci_sync.c:2723 net/bluetooth/hci_sync.c:2841) kasan_report (mm/kasan/report.c:538) ? hci_update_passive_scan_sync (net/bluetooth/hci_sync.c:2536 net/bluetooth/hci_sync.c:2723 net/bluetooth/hci_sync.c:2841) hci_update_passive_scan_sync (net/bluetooth/hci_sync.c:2536 net/bluetooth/hci_sync.c:2723 net/bluetooth/hci_sync.c:2841) ? __pfx_hci_update_passive_scan_sync (net/bluetooth/hci_sync.c:2780) ? mutex_lock (kernel/locking/mutex.c:282) ? __pfx_mutex_lock (kernel/locking/mutex.c:282) ? __pfx_mutex_unlock (kernel/locking/mutex.c:538) ? __pfx_update_passive_scan_sync (net/bluetooth/hci_sync.c:2861) hci_cmd_sync_work (net/bluetooth/hci_sync.c:306) process_one_work (./arch/x86/include/asm/preempt.h:27 kernel/workqueue.c:2399) worker_thread (./include/linux/list.h:292 kernel/workqueue.c:2538) ? __pfx_worker_thread (kernel/workqueue.c:2480) kthread (kernel/kthread.c:376) ? __pfx_kthread (kernel/kthread.c:331) ret_from_fork (arch/x86/entry/entry_64.S:314) </TASK> Allocated by task 31: kasan_save_stack (mm/kasan/common.c:46) kasan_set_track (mm/kasan/common.c:52) __kasan_kmalloc (mm/kasan/common.c:374 mm/kasan/common.c:383) hci_conn_params_add (./include/linux/slab.h:580 ./include/linux/slab.h:720 net/bluetooth/hci_core.c:2277) hci_connect_le_scan (net/bluetooth/hci_conn.c:1419 net/bluetooth/hci_conn.c:1589) hci_connect_cis (net/bluetooth/hci_conn.c:2266) iso_connect_cis (net/bluetooth/iso.c:390) iso_sock_connect (net/bluetooth/iso.c:899) __sys_connect (net/socket.c:2003 net/socket.c:2020) __x64_sys_connect (net/socket.c:2027) do_syscall_64 (arch/x86/entry/common.c:50 arch/x86/entry/common.c:80) entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:120) Freed by task 15: kasan_save_stack (mm/kasan/common.c:46) kasan_set_track (mm/kasan/common.c:52) kasan_save_free_info (mm/kasan/generic.c:523) __kasan_slab_free (mm/kasan/common.c:238 mm/kasan/common.c:200 mm/kasan/common.c:244) __kmem_cache_free (mm/slub.c:1807 mm/slub.c:3787 mm/slub.c:3800) hci_conn_params_del (net/bluetooth/hci_core.c:2323) le_scan_cleanup (net/bluetooth/hci_conn.c:202) process_one_work (./arch/x86/include/asm/preempt. ---truncated---

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 5.9%

CVSS Severity

CVSS v3 Score 7.8

References

Products affected by CVE-2023-53252

Linux » Linux Kernel » Version: 5.17

cpe:2.3:o:linux:linux_kernel:5.17
Linux » Linux Kernel » Version: 5.17.1

cpe:2.3:o:linux:linux_kernel:5.17.1
Linux » Linux Kernel » Version: 5.17.10

cpe:2.3:o:linux:linux_kernel:5.17.10
Linux » Linux Kernel » Version: 5.17.11

cpe:2.3:o:linux:linux_kernel:5.17.11
Linux » Linux Kernel » Version: 5.17.12

cpe:2.3:o:linux:linux_kernel:5.17.12
Linux » Linux Kernel » Version: 5.17.13

cpe:2.3:o:linux:linux_kernel:5.17.13
Linux » Linux Kernel » Version: 5.17.14

cpe:2.3:o:linux:linux_kernel:5.17.14
Linux » Linux Kernel » Version: 5.17.15

cpe:2.3:o:linux:linux_kernel:5.17.15
Linux » Linux Kernel » Version: 5.17.2

cpe:2.3:o:linux:linux_kernel:5.17.2
Linux » Linux Kernel » Version: 5.17.3

cpe:2.3:o:linux:linux_kernel:5.17.3
Linux » Linux Kernel » Version: 5.17.4

cpe:2.3:o:linux:linux_kernel:5.17.4
Linux » Linux Kernel » Version: 5.17.5

cpe:2.3:o:linux:linux_kernel:5.17.5
Linux » Linux Kernel » Version: 5.17.6

cpe:2.3:o:linux:linux_kernel:5.17.6
Linux » Linux Kernel » Version: 5.17.7

cpe:2.3:o:linux:linux_kernel:5.17.7
Linux » Linux Kernel » Version: 5.17.8

cpe:2.3:o:linux:linux_kernel:5.17.8
Linux » Linux Kernel » Version: 5.17.9

cpe:2.3:o:linux:linux_kernel:5.17.9
Linux » Linux Kernel » Version: 5.18

cpe:2.3:o:linux:linux_kernel:5.18
Linux » Linux Kernel » Version: 5.18.1

cpe:2.3:o:linux:linux_kernel:5.18.1
Linux » Linux Kernel » Version: 5.18.10

cpe:2.3:o:linux:linux_kernel:5.18.10
Linux » Linux Kernel » Version: 5.18.11

cpe:2.3:o:linux:linux_kernel:5.18.11
Linux » Linux Kernel » Version: 5.18.12

cpe:2.3:o:linux:linux_kernel:5.18.12
Linux » Linux Kernel » Version: 5.18.13

cpe:2.3:o:linux:linux_kernel:5.18.13
Linux » Linux Kernel » Version: 5.18.14

cpe:2.3:o:linux:linux_kernel:5.18.14
Linux » Linux Kernel » Version: 5.18.15

cpe:2.3:o:linux:linux_kernel:5.18.15
Linux » Linux Kernel » Version: 5.18.16

cpe:2.3:o:linux:linux_kernel:5.18.16
Linux » Linux Kernel » Version: 5.18.17

cpe:2.3:o:linux:linux_kernel:5.18.17
Linux » Linux Kernel » Version: 5.18.18

cpe:2.3:o:linux:linux_kernel:5.18.18
Linux » Linux Kernel » Version: 5.18.19

cpe:2.3:o:linux:linux_kernel:5.18.19
Linux » Linux Kernel » Version: 5.18.2

cpe:2.3:o:linux:linux_kernel:5.18.2
Linux » Linux Kernel » Version: 5.18.3

cpe:2.3:o:linux:linux_kernel:5.18.3
Linux » Linux Kernel » Version: 5.18.4

cpe:2.3:o:linux:linux_kernel:5.18.4
Linux » Linux Kernel » Version: 5.18.5

cpe:2.3:o:linux:linux_kernel:5.18.5
Linux » Linux Kernel » Version: 5.18.6

cpe:2.3:o:linux:linux_kernel:5.18.6
Linux » Linux Kernel » Version: 5.18.7

cpe:2.3:o:linux:linux_kernel:5.18.7
Linux » Linux Kernel » Version: 5.18.8

cpe:2.3:o:linux:linux_kernel:5.18.8
Linux » Linux Kernel » Version: 5.18.9

cpe:2.3:o:linux:linux_kernel:5.18.9
Linux » Linux Kernel » Version: 5.19

cpe:2.3:o:linux:linux_kernel:5.19
Linux » Linux Kernel » Version: 5.19.1

cpe:2.3:o:linux:linux_kernel:5.19.1
Linux » Linux Kernel » Version: 5.19.10

cpe:2.3:o:linux:linux_kernel:5.19.10
Linux » Linux Kernel » Version: 5.19.11

cpe:2.3:o:linux:linux_kernel:5.19.11
Linux » Linux Kernel » Version: 5.19.12

cpe:2.3:o:linux:linux_kernel:5.19.12
Linux » Linux Kernel » Version: 5.19.13

cpe:2.3:o:linux:linux_kernel:5.19.13
Linux » Linux Kernel » Version: 5.19.14

cpe:2.3:o:linux:linux_kernel:5.19.14
Linux » Linux Kernel » Version: 5.19.15

cpe:2.3:o:linux:linux_kernel:5.19.15
Linux » Linux Kernel » Version: 5.19.16

cpe:2.3:o:linux:linux_kernel:5.19.16
Linux » Linux Kernel » Version: 5.19.17

cpe:2.3:o:linux:linux_kernel:5.19.17
Linux » Linux Kernel » Version: 5.19.2

cpe:2.3:o:linux:linux_kernel:5.19.2
Linux » Linux Kernel » Version: 5.19.3

cpe:2.3:o:linux:linux_kernel:5.19.3
Linux » Linux Kernel » Version: 5.19.4

cpe:2.3:o:linux:linux_kernel:5.19.4
Linux » Linux Kernel » Version: 5.19.5

cpe:2.3:o:linux:linux_kernel:5.19.5
Linux » Linux Kernel » Version: 5.19.6

cpe:2.3:o:linux:linux_kernel:5.19.6
Linux » Linux Kernel » Version: 5.19.7

cpe:2.3:o:linux:linux_kernel:5.19.7
Linux » Linux Kernel » Version: 5.19.8

cpe:2.3:o:linux:linux_kernel:5.19.8
Linux » Linux Kernel » Version: 5.19.9

cpe:2.3:o:linux:linux_kernel:5.19.9
Linux » Linux Kernel » Version: 6.0

cpe:2.3:o:linux:linux_kernel:6.0
Linux » Linux Kernel » Version: 6.0.1

cpe:2.3:o:linux:linux_kernel:6.0.1
Linux » Linux Kernel » Version: 6.0.10

cpe:2.3:o:linux:linux_kernel:6.0.10
Linux » Linux Kernel » Version: 6.0.11

cpe:2.3:o:linux:linux_kernel:6.0.11
Linux » Linux Kernel » Version: 6.0.12

cpe:2.3:o:linux:linux_kernel:6.0.12
Linux » Linux Kernel » Version: 6.0.13

cpe:2.3:o:linux:linux_kernel:6.0.13
Linux » Linux Kernel » Version: 6.0.14

cpe:2.3:o:linux:linux_kernel:6.0.14
Linux » Linux Kernel » Version: 6.0.15

cpe:2.3:o:linux:linux_kernel:6.0.15
Linux » Linux Kernel » Version: 6.0.16

cpe:2.3:o:linux:linux_kernel:6.0.16
Linux » Linux Kernel » Version: 6.0.17

cpe:2.3:o:linux:linux_kernel:6.0.17
Linux » Linux Kernel » Version: 6.0.18

cpe:2.3:o:linux:linux_kernel:6.0.18
Linux » Linux Kernel » Version: 6.0.19

cpe:2.3:o:linux:linux_kernel:6.0.19
Linux » Linux Kernel » Version: 6.0.2

cpe:2.3:o:linux:linux_kernel:6.0.2
Linux » Linux Kernel » Version: 6.0.3

cpe:2.3:o:linux:linux_kernel:6.0.3
Linux » Linux Kernel » Version: 6.0.4

cpe:2.3:o:linux:linux_kernel:6.0.4
Linux » Linux Kernel » Version: 6.0.5

cpe:2.3:o:linux:linux_kernel:6.0.5
Linux » Linux Kernel » Version: 6.0.6

cpe:2.3:o:linux:linux_kernel:6.0.6
Linux » Linux Kernel » Version: 6.0.7

cpe:2.3:o:linux:linux_kernel:6.0.7
Linux » Linux Kernel » Version: 6.0.8

cpe:2.3:o:linux:linux_kernel:6.0.8
Linux » Linux Kernel » Version: 6.0.9

cpe:2.3:o:linux:linux_kernel:6.0.9
Linux » Linux Kernel » Version: 6.1

cpe:2.3:o:linux:linux_kernel:6.1
Linux » Linux Kernel » Version: 6.1.0

cpe:2.3:o:linux:linux_kernel:6.1.0
Linux » Linux Kernel » Version: 6.1.1

cpe:2.3:o:linux:linux_kernel:6.1.1
Linux » Linux Kernel » Version: 6.1.10

cpe:2.3:o:linux:linux_kernel:6.1.10
Linux » Linux Kernel » Version: 6.1.11

cpe:2.3:o:linux:linux_kernel:6.1.11
Linux » Linux Kernel » Version: 6.1.12

cpe:2.3:o:linux:linux_kernel:6.1.12
Linux » Linux Kernel » Version: 6.1.13

cpe:2.3:o:linux:linux_kernel:6.1.13
Linux » Linux Kernel » Version: 6.1.14

cpe:2.3:o:linux:linux_kernel:6.1.14
Linux » Linux Kernel » Version: 6.1.15

cpe:2.3:o:linux:linux_kernel:6.1.15
Linux » Linux Kernel » Version: 6.1.16

cpe:2.3:o:linux:linux_kernel:6.1.16
Linux » Linux Kernel » Version: 6.1.17

cpe:2.3:o:linux:linux_kernel:6.1.17
Linux » Linux Kernel » Version: 6.1.18

cpe:2.3:o:linux:linux_kernel:6.1.18
Linux » Linux Kernel » Version: 6.1.19

cpe:2.3:o:linux:linux_kernel:6.1.19
Linux » Linux Kernel » Version: 6.1.2

cpe:2.3:o:linux:linux_kernel:6.1.2
Linux » Linux Kernel » Version: 6.1.20

cpe:2.3:o:linux:linux_kernel:6.1.20
Linux » Linux Kernel » Version: 6.1.21

cpe:2.3:o:linux:linux_kernel:6.1.21
Linux » Linux Kernel » Version: 6.1.22

cpe:2.3:o:linux:linux_kernel:6.1.22
Linux » Linux Kernel » Version: 6.1.23

cpe:2.3:o:linux:linux_kernel:6.1.23
Linux » Linux Kernel » Version: 6.1.24

cpe:2.3:o:linux:linux_kernel:6.1.24
Linux » Linux Kernel » Version: 6.1.25

cpe:2.3:o:linux:linux_kernel:6.1.25
Linux » Linux Kernel » Version: 6.1.26

cpe:2.3:o:linux:linux_kernel:6.1.26
Linux » Linux Kernel » Version: 6.1.27

cpe:2.3:o:linux:linux_kernel:6.1.27
Linux » Linux Kernel » Version: 6.1.28

cpe:2.3:o:linux:linux_kernel:6.1.28
Linux » Linux Kernel » Version: 6.1.29

cpe:2.3:o:linux:linux_kernel:6.1.29
Linux » Linux Kernel » Version: 6.1.3

cpe:2.3:o:linux:linux_kernel:6.1.3
Linux » Linux Kernel » Version: 6.1.30

cpe:2.3:o:linux:linux_kernel:6.1.30
Linux » Linux Kernel » Version: 6.1.31

cpe:2.3:o:linux:linux_kernel:6.1.31
Linux » Linux Kernel » Version: 6.1.32

cpe:2.3:o:linux:linux_kernel:6.1.32
Linux » Linux Kernel » Version: 6.1.33

cpe:2.3:o:linux:linux_kernel:6.1.33
Linux » Linux Kernel » Version: 6.1.34

cpe:2.3:o:linux:linux_kernel:6.1.34
Linux » Linux Kernel » Version: 6.1.35

cpe:2.3:o:linux:linux_kernel:6.1.35
Linux » Linux Kernel » Version: 6.1.36

cpe:2.3:o:linux:linux_kernel:6.1.36
Linux » Linux Kernel » Version: 6.1.37

cpe:2.3:o:linux:linux_kernel:6.1.37
Linux » Linux Kernel » Version: 6.1.38

cpe:2.3:o:linux:linux_kernel:6.1.38
Linux » Linux Kernel » Version: 6.1.39

cpe:2.3:o:linux:linux_kernel:6.1.39
Linux » Linux Kernel » Version: 6.1.4

cpe:2.3:o:linux:linux_kernel:6.1.4
Linux » Linux Kernel » Version: 6.1.40

cpe:2.3:o:linux:linux_kernel:6.1.40
Linux » Linux Kernel » Version: 6.1.41

cpe:2.3:o:linux:linux_kernel:6.1.41
Linux » Linux Kernel » Version: 6.1.5

cpe:2.3:o:linux:linux_kernel:6.1.5
Linux » Linux Kernel » Version: 6.1.6

cpe:2.3:o:linux:linux_kernel:6.1.6
Linux » Linux Kernel » Version: 6.1.7

cpe:2.3:o:linux:linux_kernel:6.1.7
Linux » Linux Kernel » Version: 6.1.8

cpe:2.3:o:linux:linux_kernel:6.1.8
Linux » Linux Kernel » Version: 6.1.9

cpe:2.3:o:linux:linux_kernel:6.1.9
Linux » Linux Kernel » Version: 6.2

cpe:2.3:o:linux:linux_kernel:6.2
Linux » Linux Kernel » Version: 6.2.0

cpe:2.3:o:linux:linux_kernel:6.2.0
Linux » Linux Kernel » Version: 6.2.1

cpe:2.3:o:linux:linux_kernel:6.2.1
Linux » Linux Kernel » Version: 6.2.10

cpe:2.3:o:linux:linux_kernel:6.2.10
Linux » Linux Kernel » Version: 6.2.11

cpe:2.3:o:linux:linux_kernel:6.2.11
Linux » Linux Kernel » Version: 6.2.12

cpe:2.3:o:linux:linux_kernel:6.2.12
Linux » Linux Kernel » Version: 6.2.13

cpe:2.3:o:linux:linux_kernel:6.2.13
Linux » Linux Kernel » Version: 6.2.14

cpe:2.3:o:linux:linux_kernel:6.2.14
Linux » Linux Kernel » Version: 6.2.15

cpe:2.3:o:linux:linux_kernel:6.2.15
Linux » Linux Kernel » Version: 6.2.16

cpe:2.3:o:linux:linux_kernel:6.2.16
Linux » Linux Kernel » Version: 6.2.2

cpe:2.3:o:linux:linux_kernel:6.2.2
Linux » Linux Kernel » Version: 6.2.3

cpe:2.3:o:linux:linux_kernel:6.2.3
Linux » Linux Kernel » Version: 6.2.4

cpe:2.3:o:linux:linux_kernel:6.2.4
Linux » Linux Kernel » Version: 6.2.5

cpe:2.3:o:linux:linux_kernel:6.2.5
Linux » Linux Kernel » Version: 6.2.6

cpe:2.3:o:linux:linux_kernel:6.2.6
Linux » Linux Kernel » Version: 6.2.7

cpe:2.3:o:linux:linux_kernel:6.2.7
Linux » Linux Kernel » Version: 6.2.8

cpe:2.3:o:linux:linux_kernel:6.2.8
Linux » Linux Kernel » Version: 6.2.9

cpe:2.3:o:linux:linux_kernel:6.2.9
Linux » Linux Kernel » Version: 6.3

cpe:2.3:o:linux:linux_kernel:6.3
Linux » Linux Kernel » Version: 6.3.1

cpe:2.3:o:linux:linux_kernel:6.3.1
Linux » Linux Kernel » Version: 6.3.10

cpe:2.3:o:linux:linux_kernel:6.3.10
Linux » Linux Kernel » Version: 6.3.11

cpe:2.3:o:linux:linux_kernel:6.3.11
Linux » Linux Kernel » Version: 6.3.12

cpe:2.3:o:linux:linux_kernel:6.3.12
Linux » Linux Kernel » Version: 6.3.13

cpe:2.3:o:linux:linux_kernel:6.3.13
Linux » Linux Kernel » Version: 6.3.2

cpe:2.3:o:linux:linux_kernel:6.3.2
Linux » Linux Kernel » Version: 6.3.3

cpe:2.3:o:linux:linux_kernel:6.3.3
Linux » Linux Kernel » Version: 6.3.4

cpe:2.3:o:linux:linux_kernel:6.3.4
Linux » Linux Kernel » Version: 6.3.5

cpe:2.3:o:linux:linux_kernel:6.3.5
Linux » Linux Kernel » Version: 6.3.6

cpe:2.3:o:linux:linux_kernel:6.3.6
Linux » Linux Kernel » Version: 6.3.7

cpe:2.3:o:linux:linux_kernel:6.3.7
Linux » Linux Kernel » Version: 6.3.8

cpe:2.3:o:linux:linux_kernel:6.3.8
Linux » Linux Kernel » Version: 6.3.9

cpe:2.3:o:linux:linux_kernel:6.3.9
Linux » Linux Kernel » Version: 6.4

cpe:2.3:o:linux:linux_kernel:6.4
Linux » Linux Kernel » Version: 6.4.1

cpe:2.3:o:linux:linux_kernel:6.4.1
Linux » Linux Kernel » Version: 6.4.2

cpe:2.3:o:linux:linux_kernel:6.4.2
Linux » Linux Kernel » Version: 6.4.3

cpe:2.3:o:linux:linux_kernel:6.4.3
Linux » Linux Kernel » Version: 6.4.4

cpe:2.3:o:linux:linux_kernel:6.4.4
Linux » Linux Kernel » Version: 6.4.5

cpe:2.3:o:linux:linux_kernel:6.4.5
Linux » Linux Kernel » Version: 6.4.6

cpe:2.3:o:linux:linux_kernel:6.4.6
Linux » Linux Kernel » Version: 6.5

cpe:2.3:o:linux:linux_kernel:6.5

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-53252

Products

Pricing

Contact Us