CVE-2023-54164Use After Free in Linux

CWE-416Use After Free7 documents6 sources
Severity
6.4MEDIUM
No vector
EPSS
0.0%
top 93.24%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedDec 30

Description

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: ISO: fix iso_conn related locking and validity issues sk->sk_state indicates whether iso_pi(sk)->conn is valid. Operations that check/update sk_state and access conn should hold lock_sock, otherwise they can race. The order of taking locks is hci_dev_lock > lock_sock > iso_conn_lock, which is how it is in connect/disconnect_cfm -> iso_conn_del -> iso_chan_del. Fix locking in iso_connect_cis/bis and sendmsg/recvmsg

Affected Packages4 packages

Linuxlinux/linux_kernel6.2.06.4.7+1
Debianlinux/linux_kernel< 6.1.52-1+2
CVEListV5linux/linuxc524f9561c657b8af26dd4f67092b8928261aa62e969bfed84c1f88dc722a678ee08488e86f0ec1a+4
debiandebian/linux< linux 6.1.52-1 (bookworm)

🔴Vulnerability Details

3
OSV
CVE-2023-54164: In the Linux kernel, the following vulnerability has been resolved: Bluetooth: ISO: fix iso_conn related locking and validity issues sk->sk_state indi2025-12-30
GHSA
GHSA-7fc9-v6cv-523q: In the Linux kernel, the following vulnerability has been resolved: Bluetooth: ISO: fix iso_conn related locking and validity issues sk->sk_state in2025-12-30
OSV
Bluetooth: ISO: fix iso_conn related locking and validity issues2025-12-30

📋Vendor Advisories

2
Red Hat
kernel: Bluetooth: ISO: fix iso_conn related locking and validity issues2025-12-30
Debian
CVE-2023-54164: linux - In the Linux kernel, the following vulnerability has been resolved: Bluetooth: ...2023

🕵️Threat Intelligence

1
Wiz
CVE-2023-54164 Impact, Exploitability, and Mitigation Steps | Wiz