CVE-2023-54038: NULL Pointer Dereference in Linux

Severity: 5.5 MEDIUM (no vector)
EPSS: 0.0% (top 92.35%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Dec 24

Description

In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: hci_conn: return ERR_PTR instead of NULL when there is no link

hci_connect_sco currently returns NULL when there is no link (i.e. when hci_conn_link() returns NULL). sco_connect() expects an ERR_PTR in case of any error (see line 266 in sco.c). Thus, hcon set as NULL passes through to sco_conn_add(), which tries to get hcon->hdev, resulting in dereferencing a NULL pointer as reported by syzkaller. The same issue e

Affected Packages (4 packages)

Linux | linux/linux_kernel | 6.4.0 | 6.4.7
Debian | linux/linux_kernel | < 6.4.11-1 | (+1 more)
CVEListV5 | linux/linux | 06149746e7203d5ffe2d6faf9799ee36203aa8b8 | 357ab53c83a5322437fa434e9a9e3e0bafe6b383 | (+3 more)
debian | debian/linux | < linux 6.4.11-1 (forky)

🔴 Vulnerability Details (3)

OSV: Bluetooth: hci_conn: return ERR_PTR instead of NULL when there is no link (2025-12-24)
OSV: CVE-2023-54038: In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_conn: return ERR_PTR instead of NULL when there is no link hci_conn (2025-12-24)
GHSA: GHSA-j568-pqpx-g2wf: In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_conn: return ERR_PTR instead of NULL when there is no link hci_co (2025-12-24)

📋 Vendor Advisories (2)

Red Hat: kernel: Linux kernel: Denial of Service in Bluetooth HCI connection handling (2025-12-24)
Debian: CVE-2023-54038: linux - In the Linux kernel, the following vulnerability has been resolved: Bluetooth: ... (2023)

🕵️ Threat Intelligence (1)

Wiz: CVE-2023-54038 Impact, Exploitability, and Mitigation Steps | Wiz