CVE-2023-52830

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-52830
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVSS

No CVSS.

References

No reference.

Configurations

No configuration.

History

22 May 2024, 12:15

Type Values Removed Values Added
References
  • {'url': 'https://git.kernel.org/stable/c/3c4236f1b2a715e878a06599fa8b0cc21f165d28', 'source': '416baaa9-dc9f-4396-8d5f-8c081fb06d67'}
  • {'url': 'https://git.kernel.org/stable/c/53d61daf35b1bbf3ae06e852ee107aa2f05b3776', 'source': '416baaa9-dc9f-4396-8d5f-8c081fb06d67'}
  • {'url': 'https://git.kernel.org/stable/c/56a4fdde95ed98d864611155f6728983e199e198', 'source': '416baaa9-dc9f-4396-8d5f-8c081fb06d67'}
  • {'url': 'https://git.kernel.org/stable/c/5c53afc766e07098429520b7677eaa164b593451', 'source': '416baaa9-dc9f-4396-8d5f-8c081fb06d67'}
  • {'url': 'https://git.kernel.org/stable/c/87624b1f9b781549e69f92db7ede012a21cec275', 'source': '416baaa9-dc9f-4396-8d5f-8c081fb06d67'}
  • {'url': 'https://git.kernel.org/stable/c/a85fb91e3d728bdfc80833167e8162cce8bc7004', 'source': '416baaa9-dc9f-4396-8d5f-8c081fb06d67'}
  • {'url': 'https://git.kernel.org/stable/c/ba7088769800d9892a7e4f35c3137a5b3e65410b', 'source': '416baaa9-dc9f-4396-8d5f-8c081fb06d67'}
  • {'url': 'https://git.kernel.org/stable/c/fc666d1b47518a18519241cae213de1babd4a4ba', 'source': '416baaa9-dc9f-4396-8d5f-8c081fb06d67'}
Summary (en) In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix double free in hci_conn_cleanup syzbot reports a slab use-after-free in hci_conn_hash_flush [1]. After releasing an object using hci_conn_del_sysfs in the hci_conn_cleanup function, releasing the same object again using the hci_dev_put and hci_conn_put functions causes a double free. Here's a simplified flow: hci_conn_del_sysfs: hci_dev_put put_device kobject_put kref_put kobject_release kobject_cleanup kfree_const kfree(name) hci_dev_put: ... kfree(name) hci_conn_put: put_device ... kfree(name) This patch drop the hci_dev_put and hci_conn_put function call in hci_conn_cleanup function, because the object is freed in hci_conn_del_sysfs function. This patch also fixes the refcounting in hci_conn_add_sysfs() and hci_conn_del_sysfs() to take into account device_add() failures. This fixes CVE-2023-28464. (en) Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

21 May 2024, 16:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-05-21 16:15

Updated : 2024-05-22 12:15

NVD link : CVE-2023-52830

Mitre link : CVE-2023-52830

CVE.ORG link : CVE-2023-52830

JSON object : View

Products Affected

No product.

CWE

No CWE.