CVE-2023-53828 — Use After Free in Linux

CWE-416 — Use After Free7 documents6 sources

Severity

5.6MEDIUM

No vector

EPSS

0.0%

top 90.17%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Debian Linux

Timeline

PublishedDec 9

Description

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_sync: Avoid use-after-free in dbg for hci_add_adv_monitor() KSAN reports use-after-free in hci_add_adv_monitor(). While adding an adv monitor, hci_add_adv_monitor() calls -> msft_add_monitor_pattern() calls -> msft_add_monitor_sync() calls -> msft_le_monitor_advertisement_cb() calls in an error case -> hci_free_adv_monitor() which frees the *moniter. This is referenced by bt_dev_dbg() in hci_add_adv_monitor().…

Affected Packages4 packages

▶Linuxlinux/linux_kernel6.0.0 — 6.1.53+2

▶Debianlinux/linux_kernel< 6.1.55-1+2

▶CVEListV5linux/linuxb747a83690c8f53bc7a3f75899415c699b2c51aa — 81d8e9f59df63b8358751c1ffed9f1cf5c796909+4

▶debiandebian/linux< linux 6.1.55-1 (bookworm)

🔴Vulnerability Details

OSV

CVE-2023-53828: In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_sync: Avoid use-after-free in dbg for hci_add_adv_monitor() KSAN re↗2025-12-09

▶

OSV

Bluetooth: hci_sync: Avoid use-after-free in dbg for hci_add_adv_monitor()↗2025-12-09

▶

GHSA

GHSA-jx2x-x589-6cw3: In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_sync: Avoid use-after-free in dbg for hci_add_adv_monitor() KSAN↗2025-12-09

▶

📋Vendor Advisories

Red Hat

kernel: Bluetooth: hci_sync: Avoid use-after-free in dbg for hci_add_adv_monitor()↗2025-12-09

▶

Debian

CVE-2023-53828: linux - In the Linux kernel, the following vulnerability has been resolved: Bluetooth: ...↗2023

▶

🕵️Threat Intelligence

Wiz

CVE-2023-53828 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶