CVE-2023-54214 — Use After Free in Linux

CWE-416 — Use After Free7 documents6 sources

Severity

5.8MEDIUM

No vector

EPSS

0.0%

top 89.30%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Debian Linux

Timeline

PublishedDec 30

Description

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix potential user-after-free This fixes all instances of which requires to allocate a buffer calling alloc_skb which may release the chan lock and reacquire later which makes it possible that the chan is disconnected in the meantime.

Affected Packages4 packages

▶Linuxlinux/linux_kernel3.5.0 — 4.14.308+6

▶Debianlinux/linux_kernel< 5.10.178-1+3

▶CVEListV5linux/linuxa6a5568c03c4805d4d250f6bd9d468eeeb4ea059 — b2fde8cb2a25125111f2144604e0e7c0ebcc4bba+8

▶debiandebian/linux< linux 6.1.20-1 (bookworm)

🔴Vulnerability Details

OSV

Bluetooth: L2CAP: Fix potential user-after-free↗2025-12-30

▶

GHSA

GHSA-c5c6-fj3h-jwh2: In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix potential user-after-free This fixes all instances of whic↗2025-12-30

▶

OSV

CVE-2023-54214: In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix potential user-after-free This fixes all instances of which↗2025-12-30

▶

📋Vendor Advisories

Red Hat

kernel: Bluetooth: L2CAP: Fix potential user-after-free↗2025-12-30

▶

Debian

CVE-2023-54214: linux - In the Linux kernel, the following vulnerability has been resolved: Bluetooth: ...↗2023

▶

🕵️Threat Intelligence

Wiz

CVE-2023-54214 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶