CVE-2023-54120: Use After Free in Linux

CWE-416 Use After Free | 7 documents | 6 sources
Severity: 5.8 MEDIUM (No vector)
EPSS: 0.0% (top 89.30%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Dec 24

Description

In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: Fix race condition in hidp_session_thread

There is a potential race condition in hidp_session_thread that may lead to use-after-free. For instance, the timer is active while hidp_del_timer is called in hidp_session_thread(). After hidp_session_put, 'session' will be freed, causing a kernel panic when hidp_idle_timeout is running. The solution is to use del_timer_sync instead of del_timer. Here is the call trace:

Affected Packages (4 packages)

Source | Package | Version range | More
Linux | linux/linux_kernel | 2.6.12 to 4.14.313 | +6
Debian | linux/linux_kernel | < 5.10.178-1 | +3
CVEListV5 | linux/linux | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 to 152f47bd6b995e0e98c85672f6d19894bc287ef2 | +8
debian | debian/linux | < linux 6.1.25-1 (bookworm) |

🔴Vulnerability Details (3)

Source | Title | Date
OSV | CVE-2023-54120: In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix race condition in hidp_session_thread There is a potential race con... | 2025-12-24
OSV | Bluetooth: Fix race condition in hidp_session_thread | 2025-12-24
GHSA | GHSA-732j-jg49-j2pr: In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix race condition in hidp_session_thread There is a potential race c... | 2025-12-24

📋Vendor Advisories (2)

Source | Title | Date
Red Hat | kernel: Linux kernel Bluetooth: Denial of Service via race condition in hidp_session_thread | 2025-12-24
Debian | CVE-2023-54120: linux - In the Linux kernel, the following vulnerability has been resolved: Bluetooth: ... | 2023

🕵️Threat Intelligence (1)

Source | Title
Wiz | CVE-2023-54120 Impact, Exploitability, and Mitigation Steps | Wiz